diff --git a/src/hb-ot-kern-table.hh b/src/hb-ot-kern-table.hh
index 074eba32a..5fd2e20e6 100644
--- a/src/hb-ot-kern-table.hh
+++ b/src/hb-ot-kern-table.hh
@@ -117,10 +117,11 @@ struct KernSubTableFormat2
     unsigned int l = (this+leftClassTable).get_class (left);
     unsigned int r = (this+leftClassTable).get_class (left);
     unsigned int offset = l * rowWidth + r * sizeof (FWORD);
-    const FWORD *v = &StructAtOffset<FWORD> (&(this+array), offset);
-    /* Untested code, as I have not been able to find ANY kern table format-2 yet. */
-    assert (&(this+array) <= v);
-    if (unlikely (v + 1 > (const FWORD *) end))
+    const FWORD *arr = &(this+array);
+    if (unlikely ((const void *) arr < (const void *) this || (const void *) arr >= (const void *) end))
+      return 0;
+    const FWORD *v = &StructAtOffset<FWORD> (arr, offset);
+    if (unlikely ((const void *) v < (const void *) arr || (const void *) (v + 1) > (const void *) end))
       return 0;
     return *v;
   }
diff --git a/test/shaping/fonts/sha1sum/243798dd281c1c77c065958e1ff467420faa9bde.ttf b/test/shaping/fonts/sha1sum/243798dd281c1c77c065958e1ff467420faa9bde.ttf
new file mode 100644
index 000000000..dd8506eff
Binary files /dev/null and b/test/shaping/fonts/sha1sum/243798dd281c1c77c065958e1ff467420faa9bde.ttf differ
diff --git a/test/shaping/tests/fuzzed.tests b/test/shaping/tests/fuzzed.tests
index 1f51e4412..53e9187e6 100644
--- a/test/shaping/tests/fuzzed.tests
+++ b/test/shaping/tests/fuzzed.tests
@@ -15,3 +15,4 @@ fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf:--font-funcs=ot:U+004
 fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf:--font-funcs=ot:U+0041:[gid0=0+1229]
 fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
 fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
+fonts/sha1sum/243798dd281c1c77c065958e1ff467420faa9bde.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]