Fix a nil pointer dereference bug in Container.Destroy()
In Container.Destroy(), we call c.stop() before calling executeHooksBestEffort(), therefore, when we call executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute the poststop hook, it results in a nil pointer dereference since it reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed. To fix this bug, we can change container's status to "stopped" before executing the poststop hook. Signed-off-by: ShiruRen <renshiru2000@gmail.com> Change-Id: I4d835e430066fab7e599e188f945291adfc521ef PiperOrigin-RevId: 230975505
This commit is contained in:
parent
c28f886c0b
commit
c6facd0358
|
@ -674,6 +674,8 @@ func (c *Container) Destroy() error {
|
|||
errs = append(errs, err.Error())
|
||||
}
|
||||
|
||||
c.changeStatus(Stopped)
|
||||
|
||||
// "If any poststop hook fails, the runtime MUST log a warning, but the
|
||||
// remaining hooks and lifecycle continue as if the hook had succeeded" -OCI spec.
|
||||
// Based on the OCI, "The post-stop hooks MUST be called after the container is
|
||||
|
@ -686,8 +688,6 @@ func (c *Container) Destroy() error {
|
|||
executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State())
|
||||
}
|
||||
|
||||
c.changeStatus(Stopped)
|
||||
|
||||
if len(errs) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue