diff --git a/CHANGELOG b/CHANGELOG
index e4b1f2d8..b42cfb44 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,6 +37,9 @@ HISTORY
 
  ++ Bugfixes:
 
+  2011-09-20: Simon Goldschmidt
+  * timers.c: fixed bug #34337 (possible NULL pointer in sys_check_timeouts)
+
   2011-09-11: Simon Goldschmidt
   * tcp_out.c: use pcb->mss instead of TCP_MSS for preallocate mss-sized pbufs
     (bug #34019)
diff --git a/src/core/timers.c b/src/core/timers.c
index 12a7473b..8af1b017 100644
--- a/src/core/timers.c
+++ b/src/core/timers.c
@@ -357,15 +357,15 @@ sys_untimeout(sys_timeout_handler handler, void *arg)
 void
 sys_check_timeouts(void)
 {
-  struct sys_timeo *tmptimeout;
-  u32_t diff;
-  sys_timeout_handler handler;
-  void *arg;
-  int had_one;
-  u32_t now;
-
-  now = sys_now();
   if (next_timeout) {
+    struct sys_timeo *tmptimeout;
+    u32_t diff;
+    sys_timeout_handler handler;
+    void *arg;
+    u8_t had_one;
+    u32_t now;
+
+    now = sys_now();
     /* this cares for wraparounds */
     diff = LWIP_U32_DIFF(now, timeouts_last_time);
     do
@@ -375,7 +375,7 @@ sys_check_timeouts(void)
 #endif /* PBUF_POOL_FREE_OOSEQ */
       had_one = 0;
       tmptimeout = next_timeout;
-      if (tmptimeout->time <= diff) {
+      if (tmptimeout && (tmptimeout->time <= diff)) {
         /* timeout has expired */
         had_one = 1;
         timeouts_last_time = now;