diff -r c1a7ba57b4ff Lib/test/test_bytes.py
--- a/Lib/test/test_bytes.py Thu Dec 12 23:07:40 2013 +0100
+++ b/Lib/test/test_bytes.py Fri Dec 13 01:30:24 2013 +0100
@@ -743,6 +743,10 @@ class BytesTest(BaseBytesTest, unittest.
 self.assertEqual(PyBytes_FromFormat(b's:%s', c_char_p(b'cstr')),
 b's:cstr')
 
+ # Issue #19969
+ self.assertRaises(ValueError, PyBytes_FromFormat, b'c:%c', c_int(-1))
+ self.assertRaises(ValueError, PyBytes_FromFormat, b'c:%c', c_int(256))
+
 
 class ByteArrayTest(BaseBytesTest, unittest.TestCase):
 type2test = bytearray
diff -r c1a7ba57b4ff Objects/bytesobject.c
--- a/Objects/bytesobject.c Thu Dec 12 23:07:40 2013 +0100
+++ b/Objects/bytesobject.c Fri Dec 13 01:30:24 2013 +0100
@@ -195,8 +195,17 @@ PyBytes_FromFormatV(const char *format,
 
 switch (*f) {
 case 'c':
- (void)va_arg(count, int);
- /* fall through... */
+ {
+ int c = va_arg(count, int);
+ if (c < 0 || c > 255) {
+ PyErr_SetString(PyExc_ValueError,
+ "PyBytes_FromFormatV(): %c format "
+ "expects an integer in range [0; 255]");
+ return NULL;
+ }
+ n++;
+ break;
+ }
 case '%':
 n++;
 break;
@@ -276,8 +285,12 @@ PyBytes_FromFormatV(const char *format,
 
 switch (*f) {
 case 'c':
- *s++ = va_arg(vargs, int);
+ {
+ int c = va_arg(vargs, int);
+ /* c has been checked for overflow in the first step */
+ *s++ = (unsigned char)c;
 break;
+ }
 case 'd':
 if (longflag)
 sprintf(s, "%ld", va_arg(vargs, long));
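Review bot: The two new assertions in Lib/test/test_bytes.py (hunk at -743) pin only the rejected values -1 and 256, so an off-by-one in the new range check, such as `c >= 255`, would still pass them. Adding `self.assertEqual(PyBytes_FromFormat(b'c:%c', c_int(255)), b'c:\xff')` and the matching case for `c_int(0)` with `b'c:\x00'` next to them would cover both sides of each boundary. The test method starts above the hunk, so an earlier line may already cover one of these; worth checking before adding.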
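Review bot: The new `return NULL;` in the sizing pass of PyBytes_FromFormatV (Objects/bytesobject.c, hunk at -195) leaves the function while the `count` argument list is still live. How `count` is initialised is outside the hunk; if it is a copy of `vargs`, C requires a matching `va_end`, and the error path would then read `va_end(count); return NULL;`. Separately, raising ValueError where the value used to be stored unchecked is a caller-visible change, so the C-API documentation for the `%c` format should state the accepted range of 0 to 255. The function body starts and ends outside the hunk.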
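Review bot: The comment `/* c has been checked for overflow in the first step */` in the writing pass (Objects/bytesobject.c, hunk at -276) states an invariant that nothing in this pass enforces. It holds only while both passes walk the format string and the argument list identically. An `assert(0 <= c && c <= 255);` before `*s++ = (unsigned char)c;` would make a later divergence between the passes fail in debug builds instead of silently truncating the value. The enclosing function starts and ends outside the hunk.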