3.11 ast.parse on fuzzed string: SystemError: Negative size passed to PyUnicode_New

[nedbat]

Bug report

Bug description:

crash.py:

import ast

ast.parse('f""""{5\nclass""\ta:""0"""')

On 3.11.13:

% python3.11 crash.py
Traceback (most recent call last):
  File "/Users/ned/coverage/trunk/crash.py", line 3, in <module>
    ast.parse('f""""{5\nclass""\ta:""0"""')
  File "/usr/local/pyenv/pyenv/versions/3.11.13/lib/python3.11/ast.py", line 50, in parse
    return compile(source, filename, mode, flags,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SystemError: Negative size passed to PyUnicode_New

3.12 and up report SyntaxError: '{' was never closed

This was found by oss-fuzz and reported to coverage.py: https://issues.oss-fuzz.com/issues/424242613

CPython versions tested on:

3.11, 3.12, 3.13, 3.14

Operating systems tested on:

No response

[nineteendo]

Minimal reproducer:

f"""{5
class a:"""

[ZeroIntensity]

3.11 is security-only, I doubt there's anything we can do at this point.

[terryjreedy]

Whatever fixed the bug was almost certainly not backported intentionally. Definitely too late now.