The Fix
pip install urllib3==2.2.2
Based on closed urllib3/urllib3 issue #3122 · PR/commit linked
@@ -0,0 +1,2 @@
@@ -0,0 +1,2 @@
+Allowed passing negative integers as ``amt`` to read methods of
+:class:`http.client.HTTPResponse` as an alternative to ``None``.
diff --git a/src/urllib3/contrib/emscripten/response.py b/src/urllib3/contrib/emscripten/response.py
repro.py
import platform
import ssl
import urllib3
print("OS", platform.platform())
print("Python", platform.python_version())
print(ssl.OPENSSL_VERSION)
print("urllib3", urllib3.__version__)
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install urllib3==2.2.2\nWhen NOT to use: Avoid using this fix if the application relies on the previous behavior of raising an exception for negative values.\n\n
Why This Fix Works in Production
- Trigger: return self._decoded_buffer.get(amt)
- Mechanism: The read method raises an exception when passing a negative integer instead of None
- Why the fix works: Allows passing negative integers as `amt` to read methods, treating them the same as `None`, thus fixing the issue where `read(-1)` raises an unexpected exception. (first fixed release: 2.2.2).
Why This Breaks in Prod
- Shows up under Python 3.11.4 in real deployments (not just unit tests).
- The read method raises an exception when passing a negative integer instead of None
- Surfaces as: Traceback (most recent call last):
Proof / Evidence
- GitHub issue: #3122
- Fix PR: https://github.com/urllib3/urllib3/pull/3356
- First fixed release: 2.2.2
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.47
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“@smason and I discussed the issue in https://github.com/urllib3/urllib3/pull/3186 too”
“Our HTTPResponse object actually behaves a lot more like an io.BufferedIOBase instead of an io.RawIOBase object due to how .read() is implemented to always return…”
Failure Signature (Search String)
- return self._decoded_buffer.get(amt)
Error Message
Stack trace
error.txt
Error Message
-------------
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/kosta/Library/Caches/pypoetry/virtualenvs/urllib3-read-IiCHxn1z-py3.11/lib/python3.11/site-packages/urllib3/response.py", line 877, in read
return self._decoded_buffer.get(amt)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/kosta/Library/Caches/pypoetry/virtualenvs/urllib3-read-IiCHxn1z-py3.11/lib/python3.11/site-packages/urllib3/response.py", line 255, in get
raise RuntimeError("buffer is empty")
Stack trace
error.txt
Error Message
-------------
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/kosta/Library/Caches/pypoetry/virtualenvs/uai-snaky-path-TevYsdGm-py3.9/lib/python3.9/site-packages/urllib3/response.py", line 567, in read
data = self._fp_read(amt) if not fp_closed else b""
File "/Users/kosta/Library/Caches/pypoetry/virtualenvs/uai-snaky-path-TevYsdGm-py3.9/lib/python3.9/site-packages/urllib3/response.py", line 533, in _fp_read
return self._fp.read(amt) if amt is not None else self._fp.read()
File "/opt/homebrew/Cellar/[email protected]/3.9.17_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/http/client.py", line 462, in read
b = bytearray(amt)
ValueError: negative count
Minimal Reproduction
repro.py
import platform
import ssl
import urllib3
print("OS", platform.platform())
print("Python", platform.python_version())
print(ssl.OPENSSL_VERSION)
print("urllib3", urllib3.__version__)
Environment
- Python: 3.11.4
- urllib3: 2.0.4
What Broke
Calling read(-1) results in a RuntimeError, disrupting data retrieval.
Why It Broke
The read method raises an exception when passing a negative integer instead of None
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install urllib3==2.2.2
When NOT to use: Avoid using this fix if the application relies on the previous behavior of raising an exception for negative values.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/urllib3/urllib3/pull/3356
First fixed release: 2.2.2
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- Avoid using this fix if the application relies on the previous behavior of raising an exception for negative values.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 2.2.2 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.