Skip to content

Commit

Permalink
docs: specify s2n_blob growable conditions (#4943)
Browse files Browse the repository at this point in the history
Co-authored-by: maddeleine <[email protected]>
  • Loading branch information
jmayclin and maddeleine authored Dec 12, 2024
1 parent 142ef88 commit 20cbaac
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 3 deletions.
6 changes: 5 additions & 1 deletion stuffer/s2n_stuffer.h
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,11 @@ struct s2n_stuffer {
uint32_t write_cursor;
uint32_t high_water_mark;

/* Was this stuffer alloc()'d ? */
/* Was this stuffer alloc()'d?
* This field controls whether the stuffer "owns" the blob. If the stuffer
* was allocated, then `blob` must be freed when the stuffer is freed. If the
* stuffer was not allocated, then the blob must not be freed by the stuffer, even if the
* blob itself is allocated. */
unsigned int alloced : 1;

/* Is this stuffer growable? */
Expand Down
1 change: 1 addition & 0 deletions utils/s2n_blob.c
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ S2N_RESULT s2n_blob_validate(const struct s2n_blob *b)
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->data == NULL, b->size == 0), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->data == NULL, b->allocated == 0), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->growable == 0, b->allocated == 0), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->growable == 1, b->allocated > 0 || b->size == 0), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->growable != 0, b->size <= b->allocated), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_MEM_IS_READABLE(b->data, b->allocated), S2N_ERR_SAFETY);
RESULT_DEBUG_ENSURE(S2N_MEM_IS_READABLE(b->data, b->size), S2N_ERR_SAFETY);
Expand Down
14 changes: 12 additions & 2 deletions utils/s2n_blob.h
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,21 @@ struct s2n_blob {
/* The amount of memory allocated for this blob (i.e. the amount of memory
* which needs to be freed when the blob is cleaned up). If this blob was
* created with s2n_blob_init(), this value is 0. If s2n_alloc() was called,
* this value will be greater than 0.
* this value will be greater than or equal to size.
*
* size < allocated implies that an allocated blob is being reused to store
* a smaller amount of data.
*/
uint32_t allocated;

/* Can this blob be resized */
/* An allocated blob (e.g.`s2n_alloc`) is always growable. A "reference"
* blob (from `s2n_blob_init`) is never growable.
*
* This field is necessary to distinguish zero-sized allocated blobs from
* zero-sized "reference" blobs. Zero-sized allocated blobs can not be
* constructed with s2n_alloc or s2n_realloc, but they are directly initialized
* in s2n_free_object.
*/
unsigned growable : 1;
};

Expand Down
3 changes: 3 additions & 0 deletions utils/s2n_ensure.h
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,9 @@ void *s2n_ensure_memmove_trace(void *to, const void *from, size_t size);
#define S2N_OBJECT_PTR_IS_READABLE(ptr) ((ptr) != NULL)
#define S2N_OBJECT_PTR_IS_WRITABLE(ptr) ((ptr) != NULL)

/**
* If `a` is true, then `b` must be true.
*/
#define S2N_IMPLIES(a, b) (!(a) || (b))
/**
* If and only if (iff) is a biconditional logical connective between statements a and b.
Expand Down

0 comments on commit 20cbaac

Please sign in to comment.