diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,10 @@
 double quotes. The raw_unicode_escape encoder now escapes single quotes, double quotes, and backslashes.
+- Issue #7615: The UTF-16 decode logic in the Unicode escape encoders
+ no longer reads past the end of the provided Py_UNICODE buffer if
+ the last character's value is between 0xD800 and 0xDC00.
+
 - Issue #2335: Backport set literals syntax from Python 3.x.
 Library
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -1326,7 +1326,7 @@
 else
 #else
 /* Map UTF-16 surrogate pairs to '\U00xxxxxx' */
- if (ch >= 0xD800 && ch < 0xDC00) {
+ if (ch >= 0xD800 && ch < 0xDC00 && size) {
 Py_UNICODE ch2;
 Py_UCS4 ucs;
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -3068,7 +3068,7 @@
 }
 #else
 /* Map UTF-16 surrogate pairs to '\U00xxxxxx' */
- else if (ch >= 0xD800 && ch < 0xDC00) {
+ else if (ch >= 0xD800 && ch < 0xDC00 && size) {
 Py_UNICODE ch2;
 Py_UCS4 ucs;
@@ -3316,7 +3316,7 @@
 else
 #else
 /* Map UTF-16 surrogate pairs to '\U00xxxxxx' */
- if (ch >= 0xD800 && ch < 0xDC00) {
+ if (ch >= 0xD800 && ch < 0xDC00 && size) {
 Py_UNICODE ch2;
 Py_UCS4 ucs;
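Review bot: The new guard in `Modules/cPickle.c` tests `size` as a bare truth value, which hides that it is a bounds check for the `ch2` read that follows; the same applies to both `Objects/unicodeobject.c` hunks (at 3068 and 3316). Spelling it `if (ch >= 0xD800 && ch < 0xDC00 && size > 0) {` and adding a comment such as `/* size is the number of code units still unread; a high surrogate in the last position has no partner to fetch */` would make the intent obvious at all three sites. That comment assumes the enclosing loop has already decremented `size` for `ch`; the loop begins outside the hunk, so confirm this before adopting the wording.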
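Review bot: Nothing in the diff as shown exercises the new `&& size` guard in `Objects/unicodeobject.c`, so the read past the end of the buffer that it closes could come back unnoticed; a regression test should accompany the two encoder changes here and the matching one in `Modules/cPickle.c`. The case to pin is an input whose final code unit lies in the range the condition checks (0xD800 up to but not including 0xDC00), asserting that the output depends only on the supplied buffer. The changed branch sits under `#else`, presumably the narrow-build path, so the test is only meaningful on such a build and is best run under a memory checker. The enclosing functions start and end outside both hunks.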