Fix a nil pointer dereference bug in Container.Destroy()

In Container.Destroy(), we call c.stop() before calling executeHooksBestEffort(), therefore, when we call executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute the poststop hook, it results in a nil pointer dereference since it reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed. To fix this bug, we can change container's status to "stopped" before executing the poststop hook. Signed-off-by: ShiruRen <renshiru2000@gmail.com> Change-Id: I4d835e430066fab7e599e188f945291adfc521ef PiperOrigin-RevId: 230975505
author: ShiruRen <renshiru2000@gmail.com> 2019-01-25 15:01:55 -0800
committer: Shentubot <shentubot@google.com> 2019-01-25 15:03:17 -0800
commit: c6facd0358ae61849786dbbc0f4f5a07a25cb6f1 (patch)
tree: 0c6022630e003969aa31b3f35f591f5078afcdfd /runsc/container
parent: c28f886c0bb0ff996e07fc133e0ebe1d842b496a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 6d88dff7f..1b410c63a 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -674,6 +674,8 @@ func (c *Container) Destroy() error {
 		errs = append(errs, err.Error())
 	}
 
+	c.changeStatus(Stopped)
+
 	// "If any poststop hook fails, the runtime MUST log a warning, but the
 	// remaining hooks and lifecycle continue as if the hook had succeeded" -OCI spec.
 	// Based on the OCI, "The post-stop hooks MUST be called after the container is
@@ -686,8 +688,6 @@ func (c *Container) Destroy() error {
 		executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State())
 	}
 
-	c.changeStatus(Stopped)
-
 	if len(errs) == 0 {
 		return nil
 	}
author	ShiruRen <renshiru2000@gmail.com>	2019-01-25 15:01:55 -0800
committer	Shentubot <shentubot@google.com>	2019-01-25 15:03:17 -0800
commit	c6facd0358ae61849786dbbc0f4f5a07a25cb6f1 (patch)
tree	0c6022630e003969aa31b3f35f591f5078afcdfd /runsc/container
parent	c28f886c0bb0ff996e07fc133e0ebe1d842b496a (diff)