diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
index 0b71ee5f2..8130f332a 100644
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -41,7 +41,8 @@ namespace OT {
 struct SBIXGlyph
 {
- SBIXGlyph* copy (hb_serialize_context_t *c, unsigned int data_length) const {
+ SBIXGlyph* copy (hb_serialize_context_t *c, unsigned int data_length) const
+ {
 TRACE_SERIALIZE (this);
 SBIXGlyph* new_glyph = c->start_embed ();
 if (unlikely (!new_glyph)) return_trace (nullptr);
@@ -152,7 +153,9 @@ struct SBIXStrike
 {
 hb_codepoint_t old_gid;
 if (!c->plan->old_gid_for_new_gid (new_gid, &old_gid) ||
- unlikely (imageOffsetsZ[old_gid + 1] <= imageOffsetsZ[old_gid] ||
+ unlikely (imageOffsetsZ[old_gid].is_null() ||
+ imageOffsetsZ[old_gid + 1].is_null () ||
+ imageOffsetsZ[old_gid + 1] <= imageOffsetsZ[old_gid] ||
 imageOffsetsZ[old_gid + 1] - imageOffsetsZ[old_gid] <= SBIXGlyph::min_size) ||
 (unsigned int) imageOffsetsZ[old_gid + 1] > available_len)
 {
@@ -162,7 +165,7 @@ struct SBIXStrike
 has_glyphs = true;
 unsigned int delta = imageOffsetsZ[old_gid + 1] - imageOffsetsZ[old_gid];
 unsigned int glyph_data_length = delta - SBIXGlyph::min_size;
- if (!(this + imageOffsetsZ[old_gid]).copy (c->serializer, glyph_data_length))
+ if (!(this+imageOffsetsZ[old_gid]).copy (c->serializer, glyph_data_length))
 return_trace (false);
 out->imageOffsetsZ[new_gid] = head;
 head += delta;
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5747280156295168 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5747280156295168
new file mode 100644
index 000000000..57611513c
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5747280156295168 differ
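Review bot: In the second hunk, the added `imageOffsetsZ[old_gid + 1].is_null ()` test is redundant with the `<=` comparison on the following line — a zero end offset can never be greater than the unsigned start offset, so that line already rejects it — whereas the `imageOffsetsZ[old_gid].is_null()` check is the one that adds real protection, because a zero start offset passes the old comparison and (as I recall of HarfBuzz's OffsetTo) `this+imageOffsetsZ[old_gid]` in the third hunk then resolves to the shared Null object, from which `copy ()` would read `glyph_data_length` bytes. That reasoning is not visible at the guard, so it deserves a why-comment, e.g. `/* Reject a null start offset: this+offset would resolve to Null(SBIXGlyph) and copy () would read past it. */`. The two new lines also spell `.is_null()` and `.is_null ()` differently; the file's style puts the space before the parentheses. The enclosing loop and function begin outside the hunk, so whether `old_gid + 1` is kept within the sanitized length of `imageOffsetsZ` cannot be confirmed from here and should be checked against the caller.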