From dce2f3605bc56187d1b8af83920d1a210443ec70 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Martin=20v=2E=20L=C3=B6wis?= <martin@v.loewis.de>
Date: Fri, 4 Mar 2005 14:38:07 +0000
Subject: [PATCH] Patches #925152, #1118602: Avoid reading after the end of the
 buffer in pyexpat.GetInputContext.

---
 Misc/NEWS         | 3 +++
 Modules/pyexpat.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index 93ca629d5db2..b43542950f00 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -33,6 +33,9 @@ Core and builtins
 Extension Modules
 -----------------
 
+- Patches #925152, #1118602: Avoid reading after the end of the buffer
+  in pyexpat.GetInputContext.
+
 - Patch #1093585: raise a ValueError for negative history items in readline.
   {remove_history,replace_history}
 
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index d359a7405c2f..e6c14f8a2db4 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1082,7 +1082,7 @@ xmlparse_GetInputContext(xmlparseobject *self, PyObject *args)
                 = XML_GetInputContext(self->itself, &offset, &size);
 
             if (buffer != NULL)
-                result = PyString_FromStringAndSize(buffer + offset, size);
+                result = PyString_FromStringAndSize(buffer + offset, size - offset);
             else {
                 result = Py_None;
                 Py_INCREF(result);
-- 
2.47.3