From e9fae77c06df5dfa7d30545bcd0b3e357e586bc9 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Mon, 2 Aug 2021 14:23:19 -0400
Subject: [PATCH] Clarify BIO_new_mum_buf's lifetime rules.

It is not obvious from "It does not take ownership of |buf|" whether the
function makes a copy or not. It does not make a copy (maybe it
should...), so callers are obligated to manage their lifetimes.

Change-Id: I7df9a5814321fd833fcb8d009d9e0318d6668dd4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48669
Reviewed-by: Adam Langley <agl@google.com>
---
 include/openssl/bio.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index f25492aa1..18bc893f7 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -377,7 +377,9 @@ OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len,
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
 
 // BIO_new_mem_buf creates read-only BIO that reads from |len| bytes at |buf|.
-// It does not take ownership of |buf|. It returns the BIO or NULL on error.
+// It returns the BIO or NULL on error. This function does not copy or take
+// ownership of |buf|. The caller must ensure the memory pointed to by |buf|
+// outlives the |BIO|.
 //
 // If |len| is negative, then |buf| is treated as a NUL-terminated string, but
 // don't depend on this in new code.