diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index f3234ea47891..8a1965b8ac39 100644
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,11 @@
+1999-03-30  Tom Tromey  <tromey@cygnus.com>
+
+	* cplus-dem.c (consume_count): If `count' wraps, return 0 and
+	don't advance input pointer.
+	(demangle_class_name): If consume_count didn't find a count, do
+	nothing.  Don't bother with `strlen' sanity check; consume_count
+	does it for us.
+
 Thu Mar 11 01:22:58 1999  Mumit Khan  <khan@xraylith.wisc.edu>
 
 	* pexecute.c (__CYGWIN32__): Rename to
diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
index a3eb85f013ea..ec05edf40fc7 100644
--- a/libiberty/cplus-dem.c
+++ b/libiberty/cplus-dem.c
@@ -428,12 +428,22 @@ static int
 consume_count (type)
      const char **type;
 {
-  int count = 0;
+  unsigned int count = 0;
+  char *save = *type;
 
   while (isdigit ((unsigned char)**type))
     {
       count *= 10;
       count += **type - '0';
+      /* A sanity check.  Otherwise a symbol like
+	 `_Utf390_1__1_9223372036854775807__9223372036854775'
+	 can cause this function to return a negative value.
+	 In this case we just consume until the end of the string.  */
+      if (count > strlen (*type))
+	{
+	  *type = save;
+	  return 0;
+	}
       (*type)++;
     }
   return (count);
@@ -1946,7 +1956,7 @@ demangle_class_name (work, mangled, declp)
   int success = 0;
 
   n = consume_count (mangled);
-  if ((int) strlen (*mangled) >= n)
+  if (n > 0)
     {
       demangle_arm_hp_template (work, mangled, n, declp);
       success = 1;