Bug 1154709

Summary: [abrt] php-cli: zend_hash_get_current_key_type_ex(): php killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Pavel Malyshev <p.malishev>
Component: php Assignee: Remi Collet <fedora>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20 CC: fedora, jorton
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/02ce6115eba5b365de19f6a222d01b858ca3233e
Whiteboard: abrt_hash:68c7c584cb5e662e63d262f33353c11969c63dfc
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-06-29 22:59:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none
File: cgroup none
File: core_backtrace none
File: dso_list none
File: environ none
File: limits none
File: maps none
File: open_fds none
File: proc_pid_status none
File: var_log_messages none
File: exploitable none

Description Pavel Malyshev 2014-10-20 15:10:34 UTC
Description of problem:
Executed phpunit for a tiny YII-based project.
YII version 1.1.12

phpunit segfaults even with an empty unittest:
<?php
class EngineTest extends CDbTestCase
{
}

Version-Release number of selected component:
php-cli-5.5.17-2.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        /usr/bin/php /usr/bin/phpunit unit
crash_function: zend_hash_get_current_key_type_ex
executable:     /usr/bin/php
kernel:         3.16.6-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1044

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 zend_hash_get_current_key_type_ex at /usr/src/debug/php-5.5.17/Zend/zend_hash.c:1203
 #1 zif_spl_autoload_call at /usr/src/debug/php-5.5.17/ext/spl/php_spl.c:433
 #2 dtrace_execute_internal at /usr/src/debug/php-5.5.17/Zend/zend_dtrace.c:97
 #3 xdebug_execute_internal at /usr/src/debug/php-pecl-xdebug-2.2.5/NTS/xdebug.c:1551
 #4 zend_call_function at /usr/src/debug/php-5.5.17/Zend/zend_execute_API.c:957
 #5 zend_lookup_class_ex at /usr/src/debug/php-5.5.17/Zend/zend_execute_API.c:1113
 #6 zend_fetch_class_by_name at /usr/src/debug/php-5.5.17/Zend/zend_execute_API.c:1593
 #7 ZEND_FETCH_CLASS_SPEC_CONST_HANDLER at /usr/src/debug/php-5.5.17/Zend/zend_vm_execute.h:1200
 #8 execute_ex at /usr/src/debug/php-5.5.17/Zend/zend_vm_execute.h:363
 #9 dtrace_execute_ex at /usr/src/debug/php-5.5.17/Zend/zend_dtrace.c:73

Comment 1 Pavel Malyshev 2014-10-20 15:10:37 UTC
Created attachment 948595 [details]
File: backtrace

Comment 2 Pavel Malyshev 2014-10-20 15:10:40 UTC
Created attachment 948596 [details]
File: cgroup

Comment 3 Pavel Malyshev 2014-10-20 15:10:41 UTC
Created attachment 948597 [details]
File: core_backtrace

Comment 4 Pavel Malyshev 2014-10-20 15:10:43 UTC
Created attachment 948598 [details]
File: dso_list

Comment 5 Pavel Malyshev 2014-10-20 15:10:44 UTC
Created attachment 948599 [details]
File: environ

Comment 6 Pavel Malyshev 2014-10-20 15:10:45 UTC
Created attachment 948600 [details]
File: limits

Comment 7 Pavel Malyshev 2014-10-20 15:10:47 UTC
Created attachment 948601 [details]
File: maps

Comment 8 Pavel Malyshev 2014-10-20 15:10:48 UTC
Created attachment 948602 [details]
File: open_fds

Comment 9 Pavel Malyshev 2014-10-20 15:10:49 UTC
Created attachment 948603 [details]
File: proc_pid_status

Comment 10 Pavel Malyshev 2014-10-20 15:10:50 UTC
Created attachment 948604 [details]
File: var_log_messages

Comment 11 Pavel Malyshev 2014-10-20 15:10:52 UTC
Created attachment 948605 [details]
File: exploitable

Comment 12 Pavel Malyshev 2014-10-20 16:44:40 UTC
The issue went away after an upgrade to Yii 1.1.15.
The failure seems to be caused by some autoload configuration magic.

The code of Yii-1.1.12 (yii/framework/test/CTestCase.php):
--------------------------------
require_once('PHPUnit/Util/Filesystem.php'); // workaround for PHPUnit <= 3.6.11
require_once('PHPUnit/Autoload.php');
spl_autoload_unregister('phpunit_autoload');
Yii::registerAutoloader('phpunit_autoload');
--------------------------------
The last line caused the segfault.


Yii::registerAutoloader() is:
--------------------------------
public static function registerAutoloader($callback, $append=false)
{
...
    spl_autoload_unregister(array('YiiBase','autoload'));
    spl_autoload_register($callback);
    spl_autoload_register(array('YiiBase','autoload'));
...
}
--------------------------------
It used to segfault at the 'spl_autoload_register($callback);'




The new code:
--------------------------------
require_once('PHPUnit/Runner/Version.php');
require_once('PHPUnit/Util/Filesystem.php'); // workaround for PHPUnit <= 3.6.11

spl_autoload_unregister(array('YiiBase','autoload'));
require_once('PHPUnit/Autoload.php');
spl_autoload_register(array('YiiBase','autoload')); // put yii's autoloader at the end

if (in_array('phpunit_autoload', spl_autoload_functions())) { // PHPUnit >= 3.7 'phpunit_autoload' was obsoleted
    spl_autoload_unregister('phpunit_autoload');
    Yii::registerAutoloader('phpunit_autoload');
}
--------------------------------


So most likely PHP tried to signal that there is no 'phpunit_autoload' when
Yii::registerAutoloader() tried to register it.

Since there is a fix in the framework, I believe that the priority of this bug should be low, but PHP should not segfault anyway.
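
The guarded re-registration from the newer Yii code above, generalized as an added example; it is not part of the original comment, of Yii, or of PHPUnit. The helper `register_autoloader_before()`, the two demo loaders and the class name are hypothetical. Both callables are validated before the autoload stack is touched, so a missing function such as 'phpunit_autoload' surfaces as an exception and the existing loaders stay registered.

```php
<?php
// Added illustration. register_autoloader_before(), first_loader() and
// last_loader() are hypothetical names, not Yii or PHPUnit APIs.

$calls = array();
function first_loader($class) { global $calls; $calls[] = 'first'; }
function last_loader($class)  { global $calls; $calls[] = 'last'; }

/**
 * Register $callback so that it runs before $anchor in the SPL autoload stack.
 * Both callables are validated before the stack is modified, so a missing
 * function leaves the existing loaders registered and in their original order.
 */
function register_autoloader_before($callback, $anchor)
{
    foreach (array($callback, $anchor) as $candidate) {
        if (!is_callable($candidate)) {
            $name = is_string($candidate) ? $candidate : 'callback';
            throw new InvalidArgumentException("Autoloader '$name' is not callable");
        }
    }
    spl_autoload_unregister($callback);          // returns false if it was not registered
    $anchorWasRegistered = spl_autoload_unregister($anchor);
    spl_autoload_register($callback);
    if ($anchorWasRegistered) {
        spl_autoload_register($anchor);          // anchor goes back to the end
    }
}

spl_autoload_register('last_loader');

// Valid callback: it ends up ahead of the anchor.
register_autoloader_before('first_loader', 'last_loader');
class_exists('Constructed_Missing_Class');       // constructed name, triggers both loaders
echo implode(',', $calls), "\n";

// Missing callback: 'phpunit_autoload' is not defined here, the case the report suspects.
try {
    register_autoloader_before('phpunit_autoload', 'last_loader');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
echo count(spl_autoload_functions()), " loaders still registered\n";
```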

Comment 13 Fedora End Of Life 2015-05-29 13:07:50 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 20 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 14 Fedora End Of Life 2015-06-29 22:59:14 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.