From 7d23778178582afa9033bcbb2264300bac3767c6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 25 Nov 2022 13:34:59 +0100
Subject: [PATCH] Explain why p + n isn't good enough

Signed-off-by: Gilles Peskine
---
 library/common.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/library/common.h b/library/common.h
index 53598228b4..25d5294e1a 100644
--- a/library/common.h
+++ b/library/common.h
@@ -73,6 +73,9 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
  *
  * This is just the addition of an offset to a pointer, except that this
  * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
  *
  * \param p Pointer to a buffer of at least n bytes. This may be \p NULL if \p n is zero.
@@ -89,8 +92,7 @@ static inline unsigned char *mbedtls_buffer_offset(
 /** Return an offset into a read-only buffer.
  *
- * This is just the addition of an offset to a pointer, except that this
- * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
  *
  * \param p Pointer to a buffer of at least n bytes. This may be \p NULL if \p n is zero.
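Review bot: The new parenthetical in the mbedtls_buffer_offset() comment states that `p + n` is undefined for a null `p` but not where that rule comes from, so a reader who knows that C++ explicitly permits `nullptr + 0` may still dismiss it as pedantry; I would anchor the sentence to the C standard, e.g. ` * (C11 §6.5.6p8: pointer arithmetic is only defined within an array object, and a null pointer does not designate one; C++ permits null + 0, C does not.)`. It is also worth one more line on why this is not academic: an optimizer is entitled to treat `p + n` as proof that `p` is non-null and delete a later `p == NULL` check, and Clang's UBSan `-fsanitize=pointer-overflow` reports this exact case as "applying zero offset to null pointer", which is presumably what motivated the helper. The function body that performs the NULL test lies outside this hunk, so I have not checked that its behaviour matches the wording here.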