From ff97f336e3f05849d9e80412f98ebaa383463456 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 25 Nov 2022 13:34:59 +0100
Subject: [PATCH] Explain why p + n isn't good enough

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/common.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/library/common.h b/library/common.h
index 0169325bb9..1663d50226 100644
--- a/library/common.h
+++ b/library/common.h
@@ -63,6 +63,9 @@
  *
  * This is just the addition of an offset to a pointer, except that this
  * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
  *
  * \param p     Pointer to a buffer of at least n bytes.
  *              This may be \p NULL if \p n is zero.
@@ -79,8 +82,7 @@ static inline unsigned char *mbedtls_buffer_offset(
 
 /** Return an offset into a read-only buffer.
  *
- * This is just the addition of an offset to a pointer, except that this
- * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
  *
  * \param p     Pointer to a buffer of at least n bytes.
  *              This may be \p NULL if \p n is zero.