diff --git a/Misc/NEWS b/Misc/NEWS
index a41b6164158..9f7dbddec95 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,9 @@ Core and builtins
 Extension Modules
 -----------------
 
+- Patches #925152, #1118602: Avoid reading after the end of the buffer
+  in pyexpat.GetInputContext.
+
 - Patches #749830, #1144555: allow UNIX mmap size to default to current 
   file size.
 
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index d359a7405c2..e6c14f8a2db 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1082,7 +1082,7 @@ xmlparse_GetInputContext(xmlparseobject *self, PyObject *args)
                 = XML_GetInputContext(self->itself, &offset, &size);
 
             if (buffer != NULL)
-                result = PyString_FromStringAndSize(buffer + offset, size);
+                result = PyString_FromStringAndSize(buffer + offset, size - offset);
             else {
                 result = Py_None;
                 Py_INCREF(result);