Skip to content

gh-137288: Fix bug where boolean expressions are not associated with the correct exception handler #137310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 5, 2025
Merged

gh-137288: Fix bug where boolean expressions are not associated with the correct exception handler #137310

merged 7 commits into from
Aug 5, 2025

Conversation

iritkatriel
Copy link
Member

@iritkatriel iritkatriel commented Aug 1, 2025
edited by bedevere-app bot
Loading

@iritkatriel iritkatriel added type-bug An unexpected behavior, bug, or error interpreter-core (Objects, Python, Grammar, and Parser dirs) 3.14 bugs and security fixes labels Aug 1, 2025
@bedevere-app bedevere-app bot mentioned this pull request Aug 1, 2025
Closed
@picnixz picnixz added needs backport to 3.14 bugs and security fixes and removed 3.14 bugs and security fixes labels Aug 1, 2025
@encukou
Copy link
Member

encukou commented Aug 4, 2025

This looks reasonable to me but I don't know this code enough to review it.

However, the fix will require bumping the PYC magic number in 3.14.0rc2 :( Heads up, @hugovk

@markshannon
Copy link
Member

The code changes look good to me.

I think this needs a separate pyc magic number bump for the backport.
On main: 3654 -> 3655, and for 3.14: 3624 -> 3625.

@iritkatriel
Reapply "bump magic number"
69708fe 
This reverts commit af2128c.
@iritkatriel iritkatriel merged commit 1f2026b into python:main Aug 5, 2025
41 checks passed
@miss-islington-app
Copy link

Thanks @iritkatriel for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

@miss-islington-app
Copy link

Sorry, @iritkatriel, I could not cleanly backport this to 3.14 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 1f2026b8a239b3169c0cad0157eb08358152b4c1 3.14

iritkatriel added a commit to iritkatriel/cpython that referenced this pull request Aug 5, 2025
@iritkatriel
[3.14] pythongh-137288: Fix bug where boolean expressions are not ass…
9f60d4f 
…ociated with the correct exception handler (pythonGH-137310).

(cherry picked from commit 1f2026b)

Co-authored-by: Irit Katriel <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Aug 5, 2025

GH-137427 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Aug 5, 2025
@rgommers
Copy link
Contributor

rgommers commented Aug 7, 2025

However, the fix will require bumping the PYC magic number in 3.14.0rc2 :( Heads up, @hugovk

I was pointed at this PR with a message saying "a fix for 3.14.0rc2 may require telling projects that already cut a release to redo that". On closer inspection, that doesn't seem to be the case. The ABI doesn't change here, and packages on PyPI shouldn't contain .pyc code (unless some bad legacy build config in a package explicitly includes .pyc code in wheels). And at install time, .pyc files with an older bytecode magic number should be ignored and be regenerated. So there is no serious impact here, right?

@encukou
Copy link
Member

encukou commented Aug 11, 2025

I know that Fedora builds .pycs, installs them as root so users can't update them, and the more locked-down settings generate security alerts when users attempt to overwrite system files.
Not sure how other redistributors are affected, but I assume this is close to the worst case.

@rgommers
Copy link
Contributor

Ah of course, distros and other deployment methods that install with root/elevated privileges, thanks @encukou. A bit of digging turns up #73700, which seems like it wasn't much fun for affected redistributors.

There hopefully won't be many distros that distribute packages before the final 3.14.0 release; I believe Fedora is fairly exceptional in doing that. Same for sysadmins installing on multi-user systems, that should be rare pre-3.14.0-final.

hugovk pushed a commit that referenced this pull request Aug 12, 2025
@iritkatriel @encukou
[3.14] gh-137288: Fix bug where boolean expressions are not associate…
0ccf244 
…d with the correct exception handler (GH-137310). (#137427)

Co-authored-by: Irit Katriel <[email protected]>
Co-authored-by: Petr Viktorin <[email protected]>
hroncok pushed a commit to fedora-python/cpython that referenced this pull request Aug 12, 2025
@iritkatriel @encukou @hroncok
00468: pythongh-137288: Fix bug where boolean expressions are not ass…
7a25fb3 
…ociated with the correct exception handler (pythonGH-137310). (python#137427)

Co-authored-by: Irit Katriel <[email protected]>
Co-authored-by: Petr Viktorin <[email protected]>
@hugovk
Copy link
Member

hugovk commented Aug 12, 2025

FYI We'll do an early rc2 with this and add an rc3 next month:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markshannon markshannon Awaiting requested review from markshannon markshannon is a code owner

Assignees
No one assigned
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Python implicit boolean conversion in logical operations bypasses try/except on 3.14.0rc1
6 participants
@iritkatriel @encukou @markshannon @rgommers @hugovk @picnixz