diff --git a/include/jwt/base64.hpp b/include/jwt/base64.hpp
index e3baf6e..226c1f0 100644
--- a/include/jwt/base64.hpp
+++ b/include/jwt/base64.hpp
@@ -200,7 +200,7 @@ inline std::string base64_decode(const char* in, size_t len)
 
   constexpr static const DMap dmap{};
 
-  while (dmap.at(in[bytes_rem - 1]) == -1) { bytes_rem--; }
+  while (bytes_rem > 0 && dmap.at(in[bytes_rem - 1]) == -1) { bytes_rem--; }
 
   while (bytes_rem > 4)
   {
diff --git a/tests/test_jwt_decode.cc b/tests/test_jwt_decode.cc
index 1bb957f..a63410c 100644
--- a/tests/test_jwt_decode.cc
+++ b/tests/test_jwt_decode.cc
@@ -64,6 +64,20 @@ TEST (DecodeTest, DecodeInvalidHeader)
 
 }
 
+TEST (DecodeTest, DecodeEmptyHeader)
+{
+  using namespace jwt::params;
+
+  const char* enc_str =
+    ".eyJhdWQiOiJyaWZ0LmlvIiwiZXhwIjoxNTEzODYzMzcxLCJzdWIiOiJub3RoaW5nIG11Y2gifQ.";
+
+  std::error_code ec;
+  auto obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret(""), verify(true));
+  ASSERT_TRUE (ec);
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::DecodeErrc::JsonParseError));
+
+}
+
 TEST (DecodeTest, DecodeInvalidPayload)
 {
   using namespace jwt::params;