diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index d04290368..2dc2a5e21 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1265,6 +1265,10 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
 // varid : The variable id for the array
 const Variable *var = tok->next()->variable();
+ // FIXME: This is an ugly fix for a crash. The SymbolDatabase
+ // should create the variable.
+ if (!var)
+ continue;
 if (mTokenizer->isCPP() && Token::Match(tok, "[*;{}] %var% = new %type% [")) {
 tok = tok->tokAt(5);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 3e5429e19..5694e9d1e 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -225,6 +225,7 @@ private:
 TEST_CASE(crash2); // Ticket #3034 - crash
 TEST_CASE(crash3); // Ticket #5426 - crash
 TEST_CASE(crash4); // Ticket #8679 - crash
+ TEST_CASE(crash5); // Ticket #8644 - crash
 TEST_CASE(executionPaths1);
 TEST_CASE(executionPaths2);
@@ -3654,6 +3655,14 @@ private:
 "}");
 }
+ void crash5() { // 8644 - token has varId() but variable() is null
+ check("int a() {\n"
+ " void b(char **dst) {\n"
+ " *dst = malloc(50);\n"
+ " }\n"
+ "}");
+ }
+
 void executionPaths1() {
 check("void f(int a)\n"
 "{\n"
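Review bot: In the lib/checkbufferoverrun.cpp hunk, the new `if (!var) continue;` replaces the crash with a silent skip, and the FIXME neither says so nor names the ticket. Any statement whose variable the SymbolDatabase failed to create presumably now leaves this loop iteration without being checked for overruns, which is a false negative in the analyzer rather than a visible failure. I would record that in the comment so the workaround can be found and removed later, e.g. `// FIXME(#8644): varId() is set but variable() is null; skipping means this statement is not checked for overruns until SymbolDatabase creates the variable.` The guard also sits ahead of every pattern match in the loop body, most of which lies outside the hunk, so it is worth confirming that no later branch was meant to run without `var`.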
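Review bot: `crash5` in the last test/testbufferoverrun.cpp hunk calls `check()` but asserts nothing about the result, so it pins only the absence of a crash. Since the fix works by skipping the statement, stating the expected output would make the current behaviour explicit and catch a later change that starts reporting on this input. Assuming the fixture's usual helpers are available here, that would be `ASSERT_EQUALS("", errout.str());` after the `check(...)` call. The input is a nested function definition, which is not standard C, so a short comment noting that the case is deliberately malformed would also help the next reader.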