diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh
index 299caf683..a04479d79 100644
--- a/src/hb-ot-cff-common.hh
+++ b/src/hb-ot-cff-common.hh
@@ -488,7 +488,7 @@ struct FDSelect3_4
 {
 auto *range = hb_bsearch (glyph, &ranges[0], nRanges () - 1, sizeof (ranges[0]), _cmp_range);
 unsigned fd = range ? range->fd : ranges[nRanges () - 1].fd;
- hb_codepoint_t end = range ? range[1].first : 0;
+ hb_codepoint_t end = range ? range[1].first : ranges[nRanges () - 1].first;
 return {fd, end};
 }
@@ -542,13 +542,13 @@ struct FDSelect
 /* Returns pair of fd and one after last glyph in range. */
 hb_pair_t get_fd_range (hb_codepoint_t glyph) const
 {
- if (this == &Null (FDSelect)) return {0, 0};
+ if (this == &Null (FDSelect)) return {0, 1};
 switch (format)
 {
 case 0: return u.format0.get_fd_range (glyph);
 case 3: return u.format3.get_fd_range (glyph);
- default:return {0, 0};
+ default:return {0, 1};
 }
 }
diff --git a/src/hb-subset-cff-common.cc b/src/hb-subset-cff-common.cc
index ad5fb2ded..5e4ea5fe7 100644
--- a/src/hb-subset-cff-common.cc
+++ b/src/hb-subset-cff-common.cc
@@ -95,7 +95,8 @@ hb_plan_subset_cff_fdselect (const hb_subset_plan_t *plan,
 prev_fd = fd;
 fdselect_ranges.push (code_pair_t { fd, gid });
- gid = hb_min (_.first - 1, last_range.second - 1);
+ if (gid == old_glyph)
+ gid = hb_min (_.first - 1, last_range.second - 1);
 }
 }
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5419002026131456 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5419002026131456
new file mode 100644
index 000000000..5f7fd639e
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5419002026131456 differ
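Review bot: In the FDSelect3_4 hunk of src/hb-ot-cff-common.hh, the not-found path now reads `ranges[nRanges () - 1]` twice, and both that index and the `nRanges () - 1` length passed to hb_bsearch wrap around if the table declares zero ranges. Nothing in the hunk rules that out, so if validation elsewhere guarantees at least one range, state it above the lookup, e.g. `/* precondition: nRanges () >= 1 */`. The new fallback `end` is also the last range's own first glyph, which is not "one after last glyph in range" as the comment on FDSelect::get_fd_range documents, and it can still be 0 when the last range starts at glyph 0. A short comment should say why that value is acceptable to callers. The enclosing function starts above the hunk.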
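Review bot: The `{0, 1}` returned for the Null object and for the `default:` case in FDSelect::get_fd_range is an unexplained magic value that no longer fits the comment above the function: for any glyph other than 0 the returned end is not "one after last glyph in range". If the intent is that callers which subtract one from the end (as `last_range.second - 1` does in src/hb-subset-cff-common.cc) never see 0, say so next to the return, e.g. `/* end must be >= 1: callers compute end - 1 */`. The `default:` branch also maps an unrecognised format value to FD 0 without any signal; presumably such tables are rejected before this point, but that is not visible here.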
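Review bot: The added `if (gid == old_glyph)` in hb_plan_subset_cff_fdselect limits when the skip-ahead runs but leaves `_.first - 1` and `last_range.second - 1` unchecked. If these are unsigned (as the hb_codepoint_t used for `end` in the first file suggests), either one wraps when its operand is 0, and a result below the current `gid` would move the loop backwards. Both values derive from font data and the subset plan, so a forward-progress guard such as `if (gid == old_glyph && last_range.second > gid)` would make termination independent of what get_fd_range returns. What `_.first` holds once the iterator is exhausted is not visible here and deserves the same check. The loop and the declarations of `gid`, `old_glyph` and `last_range` lie outside the hunk.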