From 5ec0bbf27dfef0d486dca1177d8c86f37969474e Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Fri, 30 Jan 2015 23:35:03 +0200
Subject: Issue #23055: Fixed off-by-one error in PyUnicode_FromFormatV.

---
 Objects/unicodeobject.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 2e5f5fd..1e3b812 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -893,7 +893,8 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
     }
   expand:
     if (abuffersize > 20) {
-        abuffer = PyObject_Malloc(abuffersize);
+        /* add 1 for sprintf's trailing null byte */
+        abuffer = PyObject_Malloc(abuffersize + 1);
         if (!abuffer) {
             PyErr_NoMemory();
             goto fail;
-- 
cgit v0.12