diff --git a/scripts/vim_na_files.txt b/scripts/vim_na_files.txt
index 70d7cefcc3..5e0ef395fd 100644
--- a/scripts/vim_na_files.txt
+++ b/scripts/vim_na_files.txt
@@ -83,6 +83,7 @@ src/terminal.c
 src/termlib.c
 src/testdir/Make_amiga.mak
 src/testdir/Make_dos.mak
+src/testdir/crash/heap_overflow3
 src/testdir/keycode_check.vim
 src/testdir/lsan-suppress.txt
 src/testdir/samples/crypt_sodium_invalid.txt
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 36a47ae036..e824d1fcc1 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -449,9 +449,15 @@ void flush_buffers(flush_buffers_T flush_typeahead)
   while (read_readbuffers(true) != NUL) {}
 
   if (flush_typeahead == FLUSH_MINIMAL) {
-    // remove mapped characters at the start only
-    typebuf.tb_off += typebuf.tb_maplen;
-    typebuf.tb_len -= typebuf.tb_maplen;
+    // remove mapped characters at the start only,
+    // but only when enough space left in typebuf
+    if (typebuf.tb_off + typebuf.tb_maplen >= typebuf.tb_buflen) {
+      typebuf.tb_off = MAXMAPLEN;
+      typebuf.tb_len = 0;
+    } else {
+      typebuf.tb_off += typebuf.tb_maplen;
+      typebuf.tb_len -= typebuf.tb_maplen;
+    }
   } else {
     // remove typeahead
     if (flush_typeahead == FLUSH_INPUT) {
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
index 47fc9740a6..80b0d3f722 100644
--- a/test/old/testdir/test_crash.vim
+++ b/test/old/testdir/test_crash.vim
@@ -220,6 +220,13 @@ func Test_crash1_3()
   call term_sendkeys(buf, args)
   call TermWait(buf, 150)
 
+  let file = 'crash/heap_overflow3'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 150)
+
+
   " clean up
   exe buf .. "bw!"
   bw!