Skip to content

finders.find_wheel can return non-wheel files, causing InvalidWheelFilename crash #1067

@LalatenduMohanty

Description

@LalatenduMohanty

Summary

finders.find_wheel() globs * in the directory and matches using startswith on the filename without filtering by .whl extension. If a non-wheel file (e.g., metadata file, directory, or malformed .whl) matches the prefix, it gets passed to wheels.extract_info_from_wheel_file() which calls parse_wheel_filename() and raises InvalidWheelFilename, crashing the bootstrap.

Where

  • src/fromager/finders.py:141downloads_dir.glob("*") with no extension filter
  • src/fromager/bootstrapper.py:1084 — unguarded call to extract_info_from_wheel_file

Impact

Low. The wheels_build and wheels_downloads directories are managed by fromager and should normally only contain valid .whl files. However, leftover files or files from other tools could trigger this.

Possible fixes

  1. Filter by .whl extension in find_wheel (fix at the source)
  2. Wrap extract_info_from_wheel_file in a try/except InvalidWheelFilename in _look_for_existing_wheel and treat it as a cache miss (defensive fix)
  3. Both

Found via CodeRabbit review on #1047.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingeasyeasy task

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions