Clarify that only top-level CBBs get CBB_cleanup.

Also add an assert to that effect. Change-Id: I1bd0571e3889f1cba968fd99041121ac42ee9e89 Reviewed-on: https://boringssl-review.googlesource.com/5990 Reviewed-by: Adam Langley <agl@google.com>
2015-09-24 13:49:03 -04:00 · 2015-09-24 13:49:03 -04:00 · dbb0321014
commit dbb0321014
parent df6a3f8b95
2 changed files with 9 additions and 1 deletions
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@ -70,6 +70,10 @@ int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {

 void CBB_cleanup(CBB *cbb) {
  if (cbb->base) {
+    /* Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
+     * are implicitly discarded when the parent is flushed or cleaned up. */
+    assert(cbb->is_top_level);
+
    if (cbb->base->can_resize) {
      OPENSSL_free(cbb->base->buf);
    }
--- a/include/openssl/bytestring.h
+++ b/include/openssl/bytestring.h
@ -270,7 +270,11 @@ OPENSSL_EXPORT int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);

 /* CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
 * writing to the same buffer. This should be used in an error case where a
- * serialisation is abandoned. */
+ * serialisation is abandoned.
+ *
+ * This function can only be called on a "top level" |CBB|, i.e. one initialised
+ * with |CBB_init| or |CBB_init_fixed|, or a |CBB| set to the zero state with
+ * |CBB_zero|. */
 OPENSSL_EXPORT void CBB_cleanup(CBB *cbb);

 /* CBB_finish completes any pending length prefix and sets |*out_data| to a