go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix a nil pointer dereference bug in Container.Destroy() 

In Container.Destroy(), we call c.stop() before calling
executeHooksBestEffort(), therefore, when we call
executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute
the poststop hook, it results in a nil pointer dereference since it
reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed.
To fix this bug, we can change container's status to "stopped" before
executing the poststop hook.

Signed-off-by: ShiruRen <renshiru2000@gmail.com>
Change-Id: I4d835e430066fab7e599e188f945291adfc521ef
PiperOrigin-RevId: 230975505
This commit is contained in:
ShiruRen 2019-01-25 15:01:55 -08:00 committed by Shentubot
parent c28f886c0b
commit c6facd0358
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
runsc/container/container.go
View File

@ -674,6 +674,8 @@ func (c *Container) Destroy() error {
errs = append(errs, err.Error()) errs = append(errs, err.Error())
} }
c.changeStatus(Stopped)
// "If any poststop hook fails, the runtime MUST log a warning, but the // "If any poststop hook fails, the runtime MUST log a warning, but the
// remaining hooks and lifecycle continue as if the hook had succeeded" -OCI spec. // remaining hooks and lifecycle continue as if the hook had succeeded" -OCI spec.
// Based on the OCI, "The post-stop hooks MUST be called after the container is // Based on the OCI, "The post-stop hooks MUST be called after the container is
@ -686,8 +688,6 @@ func (c *Container) Destroy() error {
executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State())
} }
c.changeStatus(Stopped)
if len(errs) == 0 { if len(errs) == 0 {
return nil return nil
} }