From 6687ded893f892e1496d84713d2ae3e7b257c223 Mon Sep 17 00:00:00 2001
From: Jeremy Hylton <jeremy@alum.mit.edu>
Date: Tue, 16 Sep 2003 20:30:03 +0000
Subject: [PATCH] Backport: Double-fix of crash in Unicode freelist handling.

---
 Misc/NEWS               | 5 +++++
 Objects/unicodeobject.c | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index d7b47c7016ef..79bd3ffff132 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,11 @@ What's New in Python 2.3.1?
 Core and builtins
 -----------------
 
+- Fixed a bug in the cache of length-one Unicode strings that could
+  lead to a seg fault.  The specific problem occurred when an earlier,
+  non-fatal error left an uninitialized Unicode object in the
+  freelist.
+
 - Fixed a leak in class objects defining a comparison but not a hash
   function.
 
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 7ba9547b1f74..fffab49a35a2 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -132,7 +132,7 @@ int unicode_resize(register PyUnicodeObject *unicode,
        instead ! */
     if (unicode == unicode_empty || 
 	(unicode->length == 1 && 
-	 unicode->str[0] < 256 &&
+	 unicode->str[0] < 256U &&
 	 unicode_latin1[unicode->str[0]] == unicode)) {
         PyErr_SetString(PyExc_SystemError,
                         "can't resize shared unicode objects");
@@ -211,6 +211,7 @@ PyUnicodeObject *_PyUnicode_New(int length)
 	PyErr_NoMemory();
 	goto onError;
     }
+    unicode->str[0] = 0;
     unicode->str[length] = 0;
     unicode->length = length;
     unicode->hash = -1;
-- 
2.47.3