From ea1cf870305ad46fae53d338474b6b13f7fe14d4 Mon Sep 17 00:00:00 2001
From: Xiang Zhang <angwerzx@126.com>
Date: Thu, 22 Dec 2016 15:30:47 +0800
Subject: Issue #29044: Fix a use-after-free in string '%c' formatter.

---
 Objects/unicodeobject.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index ab261cc..5787830 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -14213,11 +14213,12 @@ formatchar(PyObject *v)
             if (iobj == NULL) {
                 goto onError;
             }
-            v = iobj;
+            x = PyLong_AsLong(iobj);
             Py_DECREF(iobj);
         }
-        /* Integer input truncated to a character */
-        x = PyLong_AsLong(v);
+        else {
+            x = PyLong_AsLong(v);
+        }
         if (x == -1 && PyErr_Occurred())
             goto onError;
 
-- 
cgit v0.12