diff --git a/lib/tokenlist.cpp b/lib/tokenlist.cpp
index 6cd58a78573..d8048af2ee3 100644
--- a/lib/tokenlist.cpp
+++ b/lib/tokenlist.cpp
@@ -1582,7 +1582,7 @@ static Token * createAstAtToken(Token *tok)
 AST_state state1(cpp);
 compileExpression(tok2, state1);
 if (Token::Match(init1, "( !!{")) {
- for (Token *tok3 = init1; tok3 != tok3->link(); tok3 = tok3->next()) {
+ for (Token *tok3 = init1; tok3 && tok3 != tok3->link(); tok3 = tok3->next()) {
 if (tok3->astParent()) {
 while (tok3->astParent())
 tok3 = tok3->astParent();
diff --git a/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac b/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac
new file mode 100644
index 00000000000..6f94840a159
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac
@@ -0,0 +1 @@
+{for(()s)}
\ No newline at end of file
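Review bot: The added `tok3 &&` guard in the `for` condition stops the null dereference, but the other half of that condition, `tok3 != tok3->link()`, compares a token with its own link. As far as I can tell that is never equal, since a link is presumably either null or the matching bracket. The scan is therefore bounded only by the end of the token list or by an exit in the loop body, which continues below the hunk. On malformed input such as the new fuzz case, it can run past the closing parenthesis of the `for` header into unrelated tokens. Consider capturing the bound once before the loop, e.g. `const Token * const endPar = init1->link();`, and testing `tok3 && tok3 != endPar`, after confirming that nothing in the rest of the body relies on the current behaviour.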