diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index b3546a38e..85a3b33db 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -273,7 +273,7 @@ static bool bailoutIfSwitch(const Token *tok, const unsigned int varid)
 end = end->linkAt(2);
 if (Token::simpleMatch(end, "{")) // Ticket #5203: Invalid code, bailout
 return true;
- for (; tok != end; tok = tok->next()) {
+ for (; tok && tok != end; tok = tok->next()) {
 // If scanning a "if" block then bailout for "break"
 if (is_if && (tok->str() == "break" || tok->str() == "continue"))
 return true;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 9e17e3de2..4458f144a 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -240,6 +240,7 @@ private:
 TEST_CASE(crash2); // Ticket #2607 - crash
 TEST_CASE(crash3); // Ticket #3034 - crash
 TEST_CASE(crash4); // Ticket #5426 - crash
+ TEST_CASE(crash5); // TIcket #5595 - crash
 TEST_CASE(garbage1); // Ticket #5203
@@ -3673,6 +3674,10 @@ private:
 "void d() { struct b *f; f = malloc(108); }");
 }
+ void crash5() {
+ check("static f() { int i; int source[1] = { 1 }; for (i = 0; i < 4; i++) (u, if (y u.x e)) }"); // Garbage code
+ }
+
 void garbage1() { // Ticket #5203
 check("int f ( int* r ) { { int s[2] ; f ( s ) ; if ( ) } }");
 }
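Review bot: When the walk in `bailoutIfSwitch` runs off the token list, the new `tok &&` guard ends the loop silently, and the value returned in that case is decided by code after the loop, which is outside this hunk. If that code reports that nothing was found, the checker would keep analysing a block whose end it could not locate; for malformed input the conservative result would be an explicit `if (!tok) return true;` right after the loop. A comment on the condition, for example `// garbage code: tok can reach the end of the list before end (Ticket #5595)`, would record why the guard is there.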
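Review bot: The comment on the new registration line in test/testbufferoverrun.cpp reads `TIcket #5595`; it should be `// Ticket #5595 - crash` to match the lines around it. In the last hunk `crash5()` carries only `// Garbage code`, while `garbage1()` directly below names its ticket on the definition line, so `void crash5() { // Ticket #5595` would keep the test traceable from its body as well. As written the test passes whenever `check` returns, so it pins only the absence of a crash and not what the checker reports for this input.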