Document and test nul-terminating behavior of tor_uncompress()

We added this as a safety feature, but there are a few places in the
code that actually depend on it.

1 files changed, 6 insertions, 0 deletions

diff --git a/src/common/compress.c b/src/common/compress.c
index 771f5ab7b6..9a24025db0 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -221,6 +221,12 @@ tor_compress(char **out, size_t *out_len,
  * *<b>out</b>, and its length in *<b>out_len</b>.  Return 0 on success, -1 on
  * failure.
  *
+ * If any bytes are written to <b>out</b>, an extra byte NUL is always
+ * written at the end, but not counted in <b>out_len</b>.  This is a
+ * safety feature to ensure that the output can be treated as a
+ * NUL-terminated string -- though of course, callers should check
+ * out_len anyway.
+ *
  * If <b>complete_only</b> is true, we consider a truncated input as a
  * failure; otherwise we decompress as much as we can.  Warn about truncated
  * or corrupt inputs at <b>protocol_warn_level</b>.