diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 48c1a10fa..62fff2ce7 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -8587,6 +8587,8 @@ void Tokenizer::simplifyStructDecl()
 continue;
 skip.push(false);
 tok = next->link();
+ if (!tok)
+ break; // see #4869 segmentation fault in Tokenizer::simplifyStructDecl (invalid code)
 restart = next; // check for named type
@@ -8598,6 +8600,8 @@ void Tokenizer::simplifyStructDecl()
 tok = tok->next();
 start->deleteThis();
 }
+ if (!tok)
+ break; // see #4869 segmentation fault in Tokenizer::simplifyStructDecl (invalid code)
 tok->insertToken(type->str());
 if (start->str() != "class")
 tok->insertToken(start->str());
diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp
index 0f8aacbd3..1dc5252e9 100644
--- a/test/testtokenize.cpp
+++ b/test/testtokenize.cpp
@@ -71,6 +71,7 @@ private:
 TEST_CASE(syntax_case_default);
 TEST_CASE(garbageCode1);
 TEST_CASE(garbageCode2); // #4300
+ TEST_CASE(garbageCode3); // #4869
 TEST_CASE(simplifyFileAndLineMacro); // tokenize "return - __LINE__;"
@@ -905,6 +906,10 @@ private:
 tokenizeAndStringify("enum { D = 1 struct { } ; } s.b = D;");
 }
+ void garbageCode3() { //#4849 (segmentation fault in Tokenizer::simplifyStructDecl (invalid code))
+ tokenizeAndStringify("enum { D = 2 s ; struct y { x } ; } { s.a = C ; s.b = D ; }");
+ }
+
 void simplifyFileAndLineMacro() { // tokenize 'return - __LINE__' correctly
 ASSERT_EQUALS("return -1 ;", tokenizeAndStringify("return - __LINE__;"));
 }
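Review bot: Both added `if (!tok) break;` guards in Tokenizer::simplifyStructDecl leave the loop silently, so malformed input that used to crash now passes through with no diagnostic and a partly simplified token list. In the first hunk `skip.push(false)` has already run when `next->link()` turns out to be null, and in the second hunk `start->deleteThis()` may already have rewritten the declaration before the check is reached. Because the tokenizer parses arbitrary and possibly hostile source, I would report the condition instead of hiding it, for example `if (!tok) { syntaxError(next); return; }` in the first hunk, assuming the class's syntaxError helper is usable at this point. The enclosing loop starts and ends outside both hunks, so which loop `break` exits and what still runs afterwards should be confirmed.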
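Review bot: The comment on garbageCode3 cites `#4849`, while the TEST_CASE registration and both guards in lib/tokenize.cpp cite #4869, so one of the two is a typo and the regression test is hard to trace back to its ticket. If #4869 is the right number, the line should read `void garbageCode3() { // #4869 (segmentation fault in Tokenizer::simplifyStructDecl (invalid code))`. The test only checks that tokenizing this input does not crash, as garbageCode2 does; if a syntax error is the intended outcome for such input, asserting on the reported error would pin that behaviour down.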