From dc62b622524bf49eb539f444841049fdfbe2681e Mon Sep 17 00:00:00 2001 From: Sergey Miryanov Date: Tue, 25 Nov 2025 03:07:45 +0500 Subject: [PATCH] GH-141861: Fix invalid memory read in the ENTER_EXECUTOR (GH-141921)
---
 Lib/test/test_capi/test_opt.py | 32 +++++++++++++++++++ ...-11-25-02-23-31.gh-issue-141861.QcMdcM.rst | 1 + Python/bytecodes.c | 2 +- Python/generated_cases.c.h | 2 +- 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2025-11-25-02-23-31.gh-issue-141861.QcMdcM.rst
diff --git a/Lib/test/test_capi/test_opt.py b/Lib/test/test_capi/test_opt.py
index 58242f9ac3a0..51234a2e40f5 100644
--- a/Lib/test/test_capi/test_opt.py
+++ b/Lib/test/test_capi/test_opt.py
@@ -2662,6 +2662,38 @@ class TestUopsOptimization(unittest.TestCase):
 f" {executor} at offset {idx} rather"
 f" than expected _EXIT_TRACE")
 
+ def test_enter_executor_valid_op_arg(self):
+ script_helper.assert_python_ok("-c", textwrap.dedent("""
+ import sys
+ sys.setrecursionlimit(30) # reduce time of the run
+
+ str_v1 = ''
+ tuple_v2 = (None, None, None, None, None)
+ small_int_v3 = 4
+
+ def f1():
+
+ for _ in range(10):
+ abs(0)
+
+ tuple_v2[small_int_v3]
+ tuple_v2[small_int_v3]
+ tuple_v2[small_int_v3]
+
+ def recursive_wrapper_4569():
+ str_v1 > str_v1
+ str_v1 > str_v1
+ str_v1 > str_v1
+ recursive_wrapper_4569()
+
+ recursive_wrapper_4569()
+
+ for i_f1 in range(19000):
+ try:
+ f1()
+ except RecursionError:
+ pass
+ """))
 
 
 def global_identity(x):
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-11-25-02-23-31.gh-issue-141861.QcMdcM.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-25-02-23-31.gh-issue-141861.QcMdcM.rst
new file mode 100644
index 000000000000..4a1156699989
--- /dev/null
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-25-02-23-31.gh-issue-141861.QcMdcM.rst
@@ -0,0 +1 @@
+Fix invalid memory read in the ``ENTER_EXECUTOR`` instruction.
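Review bot: The subprocess started by `script_helper.assert_python_ok("-c", ...)` in `test_enter_executor_valid_op_arg` is not told to enable the JIT, so on a build where the JIT is compiled in but off by default the script may finish without ever executing `ENTER_EXECUTOR`, and a regression would pass unnoticed. If I read the helper right, calling it without environment keywords runs the child in isolated mode, which drops `PYTHON_JIT` from the parent environment; passing it explicitly, `script_helper.assert_python_ok("-c", script, PYTHON_JIT="1")`, would pin that. A one-line comment such as `# gh-141861: ENTER_EXECUTOR must index co_executors with the instruction's own arg` above the call would also tell readers why this script, which looks machine-reduced (`recursive_wrapper_4569`, 19000 iterations), is there. Whatever gating the enclosing `TestUopsOptimization` class carries sits outside this hunk.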
diff --git a/Python/bytecodes.c b/Python/bytecodes.c
index 12ee506e4f2b..6129ea2e7232 100644
--- a/Python/bytecodes.c
+++ b/Python/bytecodes.c
@@ -3018,7 +3018,7 @@ dummy_func(
 goto stop_tracing;
 }
 PyCodeObject *code = _PyFrame_GetCode(frame);
- _PyExecutorObject *executor = code->co_executors->executors[oparg & 255];
+ _PyExecutorObject *executor = code->co_executors->executors[this_instr->op.arg];
 assert(executor->vm_data.index == INSTR_OFFSET() - 1);
 assert(executor->vm_data.code == code);
 assert(executor->vm_data.valid);
diff --git a/Python/generated_cases.c.h b/Python/generated_cases.c.h
index b83b7c528e91..47805c270f9a 100644
--- a/Python/generated_cases.c.h
+++ b/Python/generated_cases.c.h
@@ -5476,7 +5476,7 @@ JUMP_TO_LABEL(stop_tracing); } PyCodeObject *code = _PyFrame_GetCode(frame); - _PyExecutorObject *executor = code->co_executors->executors[oparg & 255]; + _PyExecutorObject *executor = code->co_executors->executors[this_instr->op.arg]; assert(executor->vm_data.index == INSTR_OFFSET() - 1); assert(executor->vm_data.code == code); assert(executor->vm_data.valid); -- 2.47.3
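Review bot: The new index `this_instr->op.arg` is still used without a range check before `executor` is dereferenced, and the three `assert`s that follow both vanish in release builds and themselves read through the pointer, so a bad index would fault inside the check rather than be reported by it. Consider asserting the range before the load, e.g. `assert(this_instr->op.arg < code->co_executors->size);` (assuming `size` is the live entry count of the executor array, which is declared outside this diff). The line also deserves a comment saying why `oparg` is not trusted here, something like `/* oparg may not match this instruction's own arg here; read the index from the instruction (GH-141861) */`, so a later cleanup does not revert it; the exact reason is not visible in the hunk and should be worded by the author. The same line is changed in `Python/generated_cases.c.h`, which looks regenerated from this file, and the instruction body starts and ends outside the hunk.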