Index: Modules/_json.c
===================================================================
--- Modules/_json.c (révision 65132)
+++ Modules/_json.c (copie de travail)
@@ -228,10 +228,14 @@
 {
 PyObject *rval;
 Py_ssize_t len = PyString_GET_SIZE(pystr);
- Py_ssize_t begin = end - 1;
- Py_ssize_t next = begin;
+ Py_ssize_t next;
 char *buf = PyString_AS_STRING(pystr);
- PyObject *chunks = PyList_New(0);
+ PyObject *chunks;
+ if (end < 0 || len <= end) {
+ PyErr_SetString(PyExc_ValueError, "end is outside xxx");
+ return NULL;
+ }
+ chunks = PyList_New(0);
 if (chunks == NULL) {
 goto bail;
 }
@@ -245,12 +249,12 @@
 break;
 }
 else if (strict && c <= 0x1f) {
- raise_errmsg("Invalid control character at", pystr, begin);
+ raise_errmsg("Invalid control character at", pystr, end);
 goto bail;
 }
 }
 if (!(c == '"' || c == '\\')) {
- raise_errmsg("Unterminated string starting at", pystr, begin);
+ raise_errmsg("Unterminated string starting at", pystr, end);
 goto bail;
 }
 /* Pick up this chunk if it's not zero length */
@@ -275,7 +279,7 @@
 break;
 }
 if (next == len) {
- raise_errmsg("Unterminated string starting at", pystr, begin);
+ raise_errmsg("Unterminated string starting at", pystr, end);
 goto bail;
 }
 c = buf[next];
@@ -389,10 +393,15 @@
 {
 PyObject *rval;
 Py_ssize_t len = PyUnicode_GET_SIZE(pystr);
- Py_ssize_t begin = end - 1;
- Py_ssize_t next = begin;
- const Py_UNICODE *buf = PyUnicode_AS_UNICODE(pystr);
- PyObject *chunks = PyList_New(0);
+ Py_ssize_t next;
+ const Py_UNICODE *buf;
+ PyObject *chunks;
+ if (end < 0 || len <= end) {
+ PyErr_SetString(PyExc_ValueError, "end is outside xxx");
+ return NULL;
+ }
+ buf = PyUnicode_AS_UNICODE(pystr);
+ chunks = PyList_New(0);
 if (chunks == NULL) {
 goto bail;
 }
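Review bot: The ValueError text `"end is outside xxx"` in the new bounds check is a placeholder and will reach users as written; something like `PyErr_SetString(PyExc_ValueError, "end is out of bounds");` states the actual problem. The guard is the right place to stop a caller-supplied `end` from indexing outside `buf`, but `len <= end` also rejects `end == len`. If the scan loop (outside this hunk) only reads while `next < len`, that case is safe and would otherwise produce the positioned "Unterminated string starting at" error, so `if (end < 0 || len < end)` looks sufficient. Both points apply equally to the Unicode variant in the `@@ -389,10 +393,15 @@` hunk. The function body starts and ends outside the hunk, so the initialisation of `next` cannot be confirmed from here.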
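Review bot: Passing `end` to `raise_errmsg` moves every reported position one character forward, because the removed `begin` was `end - 1`. For the "Unterminated string starting at" messages the previous value matches what the text describes, so `raise_errmsg("Unterminated string starting at", pystr, end - 1);` would keep the existing behaviour for callers and tests that compare the message. For "Invalid control character at" neither `begin` nor `end` identifies the offending character; `next` appears to index it (the loop header is outside the hunk), so `raise_errmsg("Invalid control character at", pystr, next);` would be more accurate. The same applies to the hunks at `@@ -275,7 +279,7 @@`, `@@ -406,12 +415,12 @@` and `@@ -431,7 +440,7 @@`.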
@@ -406,12 +415,12 @@
 break;
 }
 else if (strict && c <= 0x1f) {
- raise_errmsg("Invalid control character at", pystr, begin);
+ raise_errmsg("Invalid control character at", pystr, end);
 goto bail;
 }
 }
 if (!(c == '"' || c == '\\')) {
- raise_errmsg("Unterminated string starting at", pystr, begin);
+ raise_errmsg("Unterminated string starting at", pystr, end);
 goto bail;
 }
 /* Pick up this chunk if it's not zero length */
@@ -431,7 +440,7 @@
 break;
 }
 if (next == len) {
- raise_errmsg("Unterminated string starting at", pystr, begin);
+ raise_errmsg("Unterminated string starting at", pystr, end);
 goto bail;
 }
 c = buf[next];