From ff5a848db585a90e55c5e21c0f3b739c402bb760 Mon Sep 17 00:00:00 2001
From: Victor Stinner <victor.stinner@gmail.com>
Date: Sat, 6 Oct 2012 23:05:45 +0200
Subject: Issue #16147: PyUnicode_FromFormatV() now raises an error if the
 argument of '%c' is not in the range(0x110000).

---
 Objects/unicodeobject.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 40e56cd..e6fe1fb 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -2417,6 +2417,11 @@ unicode_fromformat_arg(_PyUnicodeWriter *writer,
     case 'c':
     {
         int ordinal = va_arg(*vargs, int);
+        if (ordinal < 0 || ordinal > MAX_UNICODE) {
+            PyErr_SetString(PyExc_ValueError,
+                            "character argument not in range(0x110000)");
+            return NULL;
+        }
         if (_PyUnicodeWriter_Prepare(writer, 1, ordinal) == -1)
             return NULL;
         PyUnicode_WRITE(writer->kind, writer->data, writer->pos, ordinal);
-- 
cgit v0.12