In _PyUnicode_New() a unicode object is taken from the freelist but if
the unicode_resize() call fails and returns -1, the goto onerror calls
_Py_ForgetReference on the unicode object... But it has NULL _ob_prev
and _ob_next values causing a crash when they're used.
How to reproduce:
* Make a 32-bit --with-pydebug build of Python trunk.
* Run it on a machine with lots of ram (at least 3gigs recommended, or
lots of swap and a heap of patience):
./python
Python 2.6a2+ (trunk:62336M, Apr 13 2008, 18:51:30)
>>> msg = 'A'*2000111222
>>> x = msg.decode('utf8')
It segmentation faults in _Py_ForgetReference.