From b5f7c9f5ba7d3b558296db15bf739dffb1176592 Mon Sep 17 00:00:00 2001
From: Bradford Larsen
Date: Sun, 31 Mar 2019 10:53:28 -0400
Subject: [PATCH 1/3] bpo-36495: Fix two out-of-bounds array reads https://bugs.python.org/issue36495
---
 Python/ast.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Python/ast.c b/Python/ast.c
index e9154fecff064b..913e53ad7937d8 100644
--- a/Python/ast.c
+++ b/Python/ast.c
@@ -1400,7 +1400,7 @@ handle_keywordonly_args(struct compiling *c, const node *n, int start,
 goto error;
 asdl_seq_SET(kwonlyargs, j++, arg);
 i += 1; /* the name */
- if (TYPE(CHILD(n, i)) == COMMA)
+ if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA)
 i += 1; /* the comma, if present */
 break;
 case TYPE_COMMENT:
@@ -1599,7 +1599,7 @@ ast_for_arguments(struct compiling *c, const node *n)
 if (!kwarg)
 return NULL;
 i += 2; /* the double star and the name */
- if (TYPE(CHILD(n, i)) == COMMA)
+ if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA)
 i += 1; /* the comma, if present */
 break;
 case TYPE_COMMENT:
From 6f90ef3cf6244d8dc419a5222be9ecf96d33c764 Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]"
Date: Sun, 31 Mar 2019 15:06:36 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
diff --git a/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst b/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
new file mode 100644
index 00000000000000..a0b83e7a509c2d
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
@@ -0,0 +1 @@
+Fix two out-of-bound reads in the code that constructs abstract syntax trees. Patch by Brad Larsen.
\ No newline at end of file
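Review bot: The new `i < NCH(n)` guard in handle_keywordonly_args (Python/ast.c, right after `i += 1; /* the name */`) has no comment saying why `i` can equal the child count at that point, and the identical guard in the ast_for_arguments hunk after `i += 2` has the same gap. A short comment on each, such as `/* the name may be the last child of n; do not peek past the end */`, would keep a later cleanup from dropping the check as redundant. Patch 1/3 touches only Python/ast.c, so no regression test pins the fix; a parser test for an argument list ending on a keyword-only name or a double-star name with no trailing comma would presumably cover both paths under a sanitizer build. Both functions start and end outside the hunks, so any other `TYPE(CHILD(n, i))` peek made after advancing `i` could not be checked from here.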
From 3a69b872c4f09602cc2d92553c4ddd2027b08613 Mon Sep 17 00:00:00 2001
From: Bradford Larsen
Date: Mon, 1 Apr 2019 09:33:34 -0400
Subject: [PATCH 3/3] =?UTF-8?q?Revert=20"=F0=9F=93=9C=F0=9F=A4=96=20Added?= =?UTF-8?q?=20by=20blurb=5Fit."?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 6f90ef3cf6244d8dc419a5222be9ecf96d33c764. No need for a NEWS entry on a prerelease bugfix.
---
 .../next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
diff --git a/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst b/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
deleted file mode 100644
index a0b83e7a509c2d..00000000000000
--- a/Misc/NEWS.d/next/Security/2019-03-31-15-06-35.bpo-36495.ahXWSI.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix two out-of-bound reads in the code that constructs abstract syntax trees. Patch by Brad Larsen.
\ No newline at end of file