diff --git a/.typos.toml b/.typos.toml
index 4b97f7a04..b9a06e44c 100644
--- a/.typos.toml
+++ b/.typos.toml
@@ -5,3 +5,5 @@ inout = "inout"
 ocur = "ocur"
 bigsur = "Big Sur"
 Smoot = "Smoot"
+ba = "ba"
+Datas = "Datas"
diff --git a/CHANGES b/CHANGES
index 49da7cc65..1dd1ccf48 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+1.12.0-dev.124 | 2024-09-30 17:43:41 +0200
+
+ * GH-1875: Fix potential nullptr dereference when comparing streams. (Robin Sommer, Corelight)
+
+ Because we are operating on unsafe iterators, need to catch when one
+ goes out of bounds.
+
 1.12.0-dev.122 | 2024-09-30 14:18:09 +0200
 * GH-1874: Add new library function `spicy::bytes_to_mac`. (Robin Sommer, Corelight)
diff --git a/VERSION b/VERSION
index 69b3df1d8..e9d421bc2 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.12.0-dev.122
+1.12.0-dev.124
diff --git a/hilti/runtime/src/types/stream.cc b/hilti/runtime/src/types/stream.cc
index 668094905..8c12b50fe 100644
--- a/hilti/runtime/src/types/stream.cc
+++ b/hilti/runtime/src/types/stream.cc
@@ -565,6 +565,9 @@ bool stream::View::operator==(const View& other) const {
 auto j = other.unsafeBegin();
 while ( i != unsafeEnd() ) {
+ if ( ! i.chunk() || ! j.chunk() )
+ return (i.chunk() == j.chunk() && i.offset() == j.offset()); // same out-of-bounds iterators
+
 if ( i.chunk()->isGap() != j.chunk()->isGap() )
 return false;
@@ -586,6 +589,9 @@ bool stream::View::operator==(const Bytes& other) const {
 auto j = other.begin();
 while ( i != unsafeEnd() ) {
+ if ( ! i.chunk() ) // out-of-bounds, cannot match
+ return false;
+
 if ( *i++ != *j++ )
 return false;
 }
@@ -594,7 +600,7 @@ bool stream::View::operator==(const Bytes& other) const {
 }
 std::string hilti::rt::detail::adl::to_string(const stream::SafeConstIterator& x, adl::tag /*unused*/) {
- auto str = [](auto x) {
+ auto str = [](const auto& x) {
 auto y = x + 10;
 auto v = stream::View(x, y);
 if ( y.isEnd() )
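Review bot: In `stream::View::operator==(const View&)` the new guard settles the comparison from `i.offset() == j.offset()` as soon as either iterator has no chunk, so for views whose data is gone the result depends on absolute stream offsets rather than on content, unlike the rest of the loop. If that is the intended meaning, I would document it above the guard, for example `// Unsafe iterators have no chunk once they are out of bounds; treat the views as equal only if both ran out at the same position.` The function begins and ends outside this hunk, so I cannot see whether an earlier size check already narrows the cases that reach this line.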
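Review bot: In `stream::View::operator==(const Bytes&)` the loop still advances and dereferences `j` in `*i++ != *j++` while only `i` is bounded, by `unsafeEnd()` and now by the chunk check; nothing in this hunk keeps `j` within `other`. Presumably a length comparison before the loop guarantees it, but that code is outside the hunk. If so, a one-line comment such as `// sizes were compared above, so j stays within other` would make the invariant explicit; if not, the loop needs its own bound on `j`.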
diff --git a/tests/spicy/types/unit/synchronize-after-with-trim.spicy b/tests/spicy/types/unit/synchronize-after-with-trim.spicy
new file mode 100644
index 000000000..9401c9918
--- /dev/null
+++ b/tests/spicy/types/unit/synchronize-after-with-trim.spicy
@@ -0,0 +1,14 @@
+# @TEST-EXEC: printf ba | spicy-driver -d %INPUT
+#
+# @TEST-DOC: Tests `%synchronize-after` with a fully trimmed view; regression test for #1875.
+
+module RESP;
+
+public type Datas = unit {
+ : (Data &synchronize)[] { confirm; }
+};
+
+type Data = unit {
+ %synchronize-after=b"a";
+ ty: uint8 &requires=($$ < 5);
+ };
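Review bot: The only check in this test is the exit status of the `spicy-driver` run on the `@TEST-EXEC` line, so it would catch a crash but not a change in how synchronization behaves on the trimmed view. I would state that expectation in the header, e.g. `# Passes if the driver exits cleanly on this input; see #1875 for the nullptr dereference this guards against.` If the test setup supports it, comparing the driver's output against a baseline would pin the behaviour more tightly.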