The necessary widen has been done in unicode_decode_call_errorhandler_writer. So I think this is not a must.

And how about this? How could it lead to crash?

This is even more important. Since WRITE_CHAR doesn't check the size of the output buffer, we need to allocate the space for writer.min_length = end - s + writer.pos characters past the last written character.

Of course. But isn't the widen done in unicode_decode_call_errorhandler_writer? When the error handler generates only one character, we don't need more space since we have already got enough space. But when the error handler generates more, unicode_decode_call_errorhandler_writer allocates the spaces for you. You did the change to unicode_decode_call_errorhandler_writer to avoid crash.

I don't remove all details, but when I wrote this code the call of _PyUnicodeWriter_Prepare() was needed.

Maybe something was changed since that time. I will examine thу code in detail some time later. But now I have no confidence that the removal of this call is safe.

Just add assert(writer.min_length <= writer.size - writer.pos) and see how Python crashes when run tests.

I cannot understand. :-( writer.min_length means the least needed space here and it means the least space _PyUnicodeWriter will allocate for you. And writer.size is the actually allocated size. So shouldn't the right assertion here is just assert(writer.min_length <= writer.size). If you minus writer.pos, it means the left space, then should use assert(end - s <= writer.size - writer.pos).

You are right. The right assert is assert(end - s <= writer.size - writer.pos). Seems _PyUnicodeWriter_Prepare() is incorrectly used here and in unicode_decode_call_errorhandler_writer(). And min_length may be inconsistently used in different decoders.

I just think it's not necessary but not an error.

Why this is removed?

It's not an error but not a must. After the if ... else ... we get a code path to ready it.

Agree.

This code is needed. See also comments on Rietveld: https://bugs.python.org/review/16334/diff/17685/Objects/unicodeobject.c.

Ohh, it's discussed. I know this may avoid unnecessary reallocation. But honestly I doubt how useful it could be.

LGTM.

Agree.

This is even more important. Since WRITE_CHAR doesn't check the size of the output buffer, we need to allocate the space for writer.min_length = end - s + writer.pos characters past the last written character.