From dec798eb46f7edfe0995ce1b8966097fb7567eb7 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Tue, 8 Jan 2013 22:45:42 +0200
Subject: [PATCH] Fix out of bound read in UTF-32 decoder on "narrow Unicode"
 builds.

---
 Objects/unicodeobject.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index f8c738bc75f..7cd039990c7 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -3182,7 +3182,7 @@ PyUnicode_DecodeUTF32Stateful(const char *s,
     /* On narrow builds we split characters outside the BMP into two
        codepoints => count how much extra space we need. */
 #ifndef Py_UNICODE_WIDE
-    for (qq = q; qq < e; qq += 4)
+    for (qq = q; e - qq >= 4; qq += 4)
         if (qq[iorder[2]] != 0 || qq[iorder[3]] != 0)
             pairs++;
 #endif