diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh
index ddec517a1..55ae10efe 100644
--- a/src/hb-ot-cff-common.hh
+++ b/src/hb-ot-cff-common.hh
@@ -655,9 +655,9 @@ struct FDSelect {
     TRACE_SANITIZE (this);
 
     return_trace (likely (c->check_struct (this) && (format == 0 || format == 3) &&
-			  (format == 0)?
+			  ((format == 0)?
 			  u.format0.sanitize (c, fdcount):
-			  u.format3.sanitize (c, fdcount)));
+			  u.format3.sanitize (c, fdcount))));
   }
 
   bool serialize (hb_serialize_context_t *c, const FDSelect &src, unsigned int num_glyphs)
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index a7b0ba9be..74acc771a 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -56,11 +56,11 @@ struct CFF2FDSelect
     TRACE_SANITIZE (this);
 
     return_trace (likely (c->check_struct (this) && (format == 0 || format == 3 || format == 4) &&
-			  (format == 0)?
+			  ((format == 0)?
 			  u.format0.sanitize (c, fdcount):
 			    ((format == 3)?
 			    u.format3.sanitize (c, fdcount):
-			    u.format4.sanitize (c, fdcount))));
+			    u.format4.sanitize (c, fdcount)))));
   }
 
   bool serialize (hb_serialize_context_t *c, const CFF2FDSelect &src, unsigned int num_glyphs)
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416
new file mode 100644
index 000000000..e2dd6a389
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-6252118652092416 differ