diff --git a/lib/checkbool.cpp b/lib/checkbool.cpp
index 0b65e8c19..a03943599 100644
--- a/lib/checkbool.cpp
+++ b/lib/checkbool.cpp
@@ -438,7 +438,7 @@ void CheckBool::pointerArithBool()
             if (tok)
                 tok = tok->astOperand1();
         } else if (scope->type == Scope::eDo)
-            tok = scope->classEnd->tokAt(2)->astOperand2();
+            tok = (scope->classEnd->tokAt(2)) ? scope->classEnd->tokAt(2)->astOperand2() : nullptr;
 
         pointerArithBoolCond(tok);
     }
diff --git a/lib/checkstl.cpp b/lib/checkstl.cpp
index a7c466b91..d0afcab88 100644
--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
@@ -1455,6 +1455,8 @@ void CheckStl::checkDereferenceInvalidIterator()
             const Token* startOfCondition = tok->next();
             if (i->type == Scope::eDo)
                 startOfCondition = startOfCondition->link()->tokAt(2);
+            if (!startOfCondition) // ticket #6626 invalid code
+                continue;
             const Token* endOfCondition = startOfCondition->link();
             if (!endOfCondition)
                 continue;
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 4e3885b23..9c2293fe8 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -72,6 +72,7 @@ private:
         TEST_CASE(garbageCode31); // #6539
         TEST_CASE(garbageCode32); // #6135
         TEST_CASE(garbageCode33); // #6613
+        TEST_CASE(garbageCode34); // 6626
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -410,6 +411,15 @@ private:
         checkCode("\xe2u.");
     }
 
+    // Bug #6626 crash: Token::astOperand2() const ( do while )
+    void garbageCode34() {
+        checkCode("void foo(void) {\n"
+                  " do\n"
+                  " while (0);\n"
+                  "}");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void garbageValueFlow() {
         // #6089
         const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"