diff -r 89b106d298a9 Lib/test/test_unicode.py
--- a/Lib/test/test_unicode.py	Mon Jun 10 09:19:46 2013 -0700
+++ b/Lib/test/test_unicode.py	Mon Jun 10 23:31:55 2013 +0300
@@ -2016,6 +2013,8 @@
         # test "%c"
         self.assertEqual(PyUnicode_FromFormat(b'%c', c_int(0xabcd)), '\uabcd')
         self.assertEqual(PyUnicode_FromFormat(b'%c', c_int(0x10ffff)), '\U0010ffff')
+        with self.assertRaises(OverflowError):
+            PyUnicode_FromFormat(b'%c', c_int(0x110000))
 
         # test "%"
         self.assertEqual(PyUnicode_FromFormat(b'%'), '%')
diff -r 89b106d298a9 Objects/unicodeobject.c
--- a/Objects/unicodeobject.c	Mon Jun 10 09:19:46 2013 -0700
+++ b/Objects/unicodeobject.c	Mon Jun 10 23:31:55 2013 +0300
@@ -2489,8 +2489,13 @@
             switch (*f) {
             case 'c':
             {
-                Py_UCS4 ordinal = va_arg(count, int);
-                maxchar = Py_MAX(maxchar, ordinal);
+                int ordinal = va_arg(count, int);
+                if (ordinal < 0 || ordinal > MAX_UNICODE) {
+                    PyErr_SetString(PyExc_OverflowError,
+                                    "%c arg not in range(0x110000)");
+                    goto fail;
+                }
+                maxchar = Py_MAX(maxchar, (Py_UCS4)ordinal);
                 n++;
                 break;
             }