Clarify BIO_new_mum_buf's lifetime rules. It is not obvious from "It does not take ownership of |buf|" whether the function makes a copy or not. It does not make a copy (maybe it should...), so callers are obligated to manage their lifetimes. Change-Id: I7df9a5814321fd833fcb8d009d9e0318d6668dd4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48669 Reviewed-by: Adam Langley <agl@google.com>

commit: e9fae77c06df5dfa7d30545bcd0b3e357e586bc9 [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Aug 02 14:23:19 2021 -0400
committer: Adam Langley <agl@google.com> Tue Aug 03 16:00:35 2021 +0000
tree: 06faaf92d836a35e69adcdaa7882f0897923f97e
parent: 0768d42c283dcf077520c8fc9ad952309950fa48 [diff]
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index f25492a..18bc893 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h

@@ -377,7 +377,9 @@
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
 
 // BIO_new_mem_buf creates read-only BIO that reads from |len| bytes at |buf|.
-// It does not take ownership of |buf|. It returns the BIO or NULL on error.
+// It returns the BIO or NULL on error. This function does not copy or take
+// ownership of |buf|. The caller must ensure the memory pointed to by |buf|
+// outlives the |BIO|.
 //
 // If |len| is negative, then |buf| is treated as a NUL-terminated string, but
 // don't depend on this in new code.
commit	e9fae77c06df5dfa7d30545bcd0b3e357e586bc9	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Aug 02 14:23:19 2021 -0400
committer	Adam Langley <agl@google.com>	Tue Aug 03 16:00:35 2021 +0000
tree	06faaf92d836a35e69adcdaa7882f0897923f97e
parent	0768d42c283dcf077520c8fc9ad952309950fa48 [diff]