Clarify that only top-level CBBs get CBB_cleanup.
Also add an assert to that effect.
Change-Id: I1bd0571e3889f1cba968fd99041121ac42ee9e89
Reviewed-on: https://boringssl-review.googlesource.com/5990
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.c
index 1da6a21..5d7485a 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@@ -70,6 +70,10 @@
void CBB_cleanup(CBB *cbb) {
if (cbb->base) {
+ /* Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
+ * are implicitly discarded when the parent is flushed or cleaned up. */
+ assert(cbb->is_top_level);
+
if (cbb->base->can_resize) {
OPENSSL_free(cbb->base->buf);
}
diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h
index 1b1a0a9..6faab3c 100644
--- a/include/openssl/bytestring.h
+++ b/include/openssl/bytestring.h
@@ -270,7 +270,11 @@
/* CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
* writing to the same buffer. This should be used in an error case where a
- * serialisation is abandoned. */
+ * serialisation is abandoned.
+ *
+ * This function can only be called on a "top level" |CBB|, i.e. one initialised
+ * with |CBB_init| or |CBB_init_fixed|, or a |CBB| set to the zero state with
+ * |CBB_zero|. */
OPENSSL_EXPORT void CBB_cleanup(CBB *cbb);
/* CBB_finish completes any pending length prefix and sets |*out_data| to a
