diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
index 11b5b5f5f..1e3a1a113 100644
--- a/src/hb-ot-layout-gsubgpos.hh
+++ b/src/hb-ot-layout-gsubgpos.hh
@@ -2051,12 +2051,15 @@ struct ChainRule
   {
     TRACE_SUBSET (this);
 
+    const HeadlessArrayOf<HBUINT16> &input = StructAfter<HeadlessArrayOf<HBUINT16>> (backtrack);
+    const ArrayOf<HBUINT16> &lookahead = StructAfter<ArrayOf<HBUINT16>> (input);
+
     if (!backtrack_map)
     {
       const hb_set_t &glyphset = *c->plan->glyphset ();
       if (!hb_all (backtrack, glyphset) ||
-          !hb_all (inputX, glyphset) ||
-          !hb_all (lookaheadX, glyphset))
+          !hb_all (input, glyphset) ||
+          !hb_all (lookahead, glyphset))
         return_trace (false);
 
       copy (c->serializer, c->plan->glyph_map);
@@ -2064,8 +2067,8 @@ struct ChainRule
     else
     {
       if (!hb_all (backtrack, backtrack_map) ||
-          !hb_all (inputX, input_map) ||
-          !hb_all (lookaheadX, lookahead_map))
+          !hb_all (input, input_map) ||
+          !hb_all (lookahead, lookahead_map))
         return_trace (false);
       
       copy (c->serializer, backtrack_map, input_map, lookahead_map);
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5643107869917184 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5643107869917184
new file mode 100644
index 000000000..b11bd8784
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5643107869917184 differ