diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 0e488646458fea436621f504d83aeade3f20e42b..007bcf52085e7ab69802a0d3dbb941325e39cc3d 100644
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1515,30 +1515,22 @@ void ExprEngine::VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred,
     return;
   }
 
+  // FIXME: Should we insert some assumption logic in here to determine
+  // if "Base" is a valid piece of memory?  Before we put this assumption
+  // later when using FieldOffset lvals (which we no longer have).
+
   // For all other cases, compute an lvalue.    
   SVal L = state->getLValue(field, baseExprVal);
   if (M->isGLValue()) {
-    ExplodedNodeSet Tmp;
-    Bldr.takeNodes(Pred);
-    evalLocation(Tmp, M, M, Pred, state, baseExprVal,
-                 /*Tag=*/0, /*isLoad=*/true);
-    Bldr.addNodes(Tmp);
-
-    const MemRegion *ReferenceRegion = 0;
     if (field->getType()->isReferenceType()) {
-      ReferenceRegion = L.getAsRegion();
-      if (!ReferenceRegion)
+      if (const MemRegion *R = L.getAsRegion())
+        L = state->getSVal(R);
+      else
         L = UnknownVal();
     }
 
-    for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E; ++I){
-      state = (*I)->getState();
-      if (ReferenceRegion)
-        L = state->getSVal(ReferenceRegion);
-
-      Bldr.generateNode(M, (*I), state->BindExpr(M, LCtx, L), 0,
-                        ProgramPoint::PostLValueKind);
-    }
+    Bldr.generateNode(M, Pred, state->BindExpr(M, LCtx, L), 0,
+                      ProgramPoint::PostLValueKind);
   } else {
     Bldr.takeNodes(Pred);
     evalLoad(Dst, M, M, Pred, state, L);
diff --git a/test/Analysis/fields.c b/test/Analysis/fields.c
index a10d5a806016d7b1b915711f7e1f1a7f185a1d8b..da0847a5607464a53f5c6bfd54edc959e6317eb1 100644
--- a/test/Analysis/fields.c
+++ b/test/Analysis/fields.c
@@ -26,10 +26,3 @@ void test() {
   Point p;
   (void)(p = getit()).x;
 }
-
-
-void testNullAddress() {
-  Point *p = 0;
-  int *px = &p->x; // expected-warning{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'p')}}
-  *px = 1; // No warning because analysis stops at the previous line.
-}
diff --git a/test/Analysis/nullptr.cpp b/test/Analysis/nullptr.cpp
index 80ef5fbf6d05b231b8e632794c272ded73d50e25..050c3f8dc56a533aeed0d54e7ec4edc0881db86a 100644
--- a/test/Analysis/nullptr.cpp
+++ b/test/Analysis/nullptr.cpp
@@ -23,11 +23,10 @@ void foo3(void) {
   };
   char *np = nullptr;
   // casting a nullptr to anything should be caught eventually
-  int *ip = &(((struct foo *)np)->f);  // expected-warning{{Access to field 'f' results in a dereference of a null pointer (loaded from variable 'np')}}
-
-  // Analysis stops at the first problem case, so we won't actually warn here.
-  *ip = 0;
-  *np = 0;
+  int *ip = &(((struct foo *)np)->f);
+  *ip = 0;  // expected-warning{{Dereference of null pointer}}
+  // should be error here too, but analysis gets stopped
+//  *np = 0;
 }
 
 // nullptr is implemented as a zero integer value, so should be able to compare