diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 01c0e4354..05394038a 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -1092,6 +1092,7 @@ struct cff1
 CFF1FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
+ if (unlikely (font == &Crap(CFF1FontDictValues))) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
 PRIVDICTVAL *priv = &privateDicts[i];
@@ -1131,7 +1132,7 @@ struct cff1
 {
 sc.end_processing ();
 topDict.fini ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
 privateDicts.fini_deep ();
 hb_blob_destroy (blob);
 blob = nullptr;
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 3c4191cd9..178acf0b1 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -486,6 +486,7 @@ struct cff2
 CFF2FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
+ if (unlikely (font == &Crap(CFF2FontDictValues))) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
@@ -506,7 +507,7 @@ struct cff2
 inline void fini (void)
 {
 sc.end_processing ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
 privateDicts.fini_deep ();
 hb_blob_destroy (blob);
 blob = nullptr;
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864
new file mode 100644
index 000000000..72fdfc6bd
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 differ
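Review bot: The added sentinel check `font == &Crap(CFF1FontDictValues)` in the first cff1 hunk is not self-explanatory at the call site; a one-line comment such as `/* push () hands back the shared Crap object when it cannot grow the array; bail out before init ()/interpret () write into it */` would record why an address compare is the failure signal (that contract is inferred from the Crap name, confirm against hb-vector before wording it as fact). Both `fini (); return;` paths leave the accelerator with `blob = nullptr`; presumably the callers treat that as "table unusable", which is worth confirming since a malformed FDArray from an untrusted font now lands here. `PRIVDICTVAL *priv = &privateDicts[i];` on the last context line indexes without a visible bound check; if privateDicts is resized to the FD count before the loop this is fine, otherwise an out-of-range `i` reaches the Crap pool or worse. The enclosing loop and its bound start and end outside the hunk.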
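Review bot: `fontDicts.fini_deep ()` in the cff2 `fini ()` hunk now calls `fini ()` on every stored element, so any element that was pushed but never `init ()`ed would be torn down uninitialized; in the first cff2 hunk `font->init ()` directly follows `push ()` and the Crap check returns before it, so today every stored element is initialized, and a comment such as `/* every pushed font dict is init ()ed immediately; fini_deep () relies on that */` next to the push would pin that invariant for the next edit. On the `interpret` failure path `fini_deep ()` runs the element's `fini ()` on a partially interpreted dict; presumably that is safe, but it is worth a glance at CFF2FontDictValues::fini. cff1's `fini ()` in this same commit calls `topDict.fini ()` before `fontDicts.fini_deep ()` while cff2's does not; if cff2 also owns a topDict with heap-backed values it leaks on this path, confirm. The enclosing struct continues outside the hunk.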