Fix from review

embhorn · embhorn · commit 5f22014dddaa · 2026-04-15T14:34:45.000-05:00
diff --git a/src/tls.c b/src/tls.c
@@ -14774,7 +14774,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
      * is added back into the word32 total.
      *
      * MAINTAINER NOTE: do NOT pass &length to any *_GET_SIZE function
-     * that expects a `word16*` out-parameter — that would be a type
+     * that expects a `word16*` out-parameter -- that would be a type
      * mismatch (UB) and would silently bypass the overflow detection
      * below. When adding a new extension case, either:
      *   - use `length += FOO_GET_SIZE(...)` when the helper returns a
diff --git a/tests/api.c b/tests/api.c
@@ -10536,7 +10536,7 @@ static int test_tls_ext_word16_overflow(void)
      * total extensions length in TLSX_GetRequestSize is exactly
      * WOLFSSL_MAX_16BIT - OPAQUE16_LEN (0xFFFD) *before* the OPAQUE16_LEN
      * block-prefix adjustment, which must succeed. This pins the `>`
-     * comparison in the overflow check — mutating it to `>=` would
+     * comparison in the overflow check -- mutating it to `>=` would
      * incorrectly reject this valid case and fail this test. */
     {
         WOLFSSL_CTX* ctx2 = NULL;

Original file line number	Diff line number	Diff line change
`@@ -14774,7 +14774,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,`
`14774`	`14774`	`* is added back into the word32 total.`
`14775`	`14775`	`*`
`14776`	`14776`	`* MAINTAINER NOTE: do NOT pass &length to any *_GET_SIZE function`
`14777`		- * that expects a `word16*` out-parameter — that would be a type
	`14777`	+ * that expects a `word16*` out-parameter -- that would be a type
`14778`	`14778`	`* mismatch (UB) and would silently bypass the overflow detection`
`14779`	`14779`	`* below. When adding a new extension case, either:`
`14780`	`14780`	* - use `length += FOO_GET_SIZE(...)` when the helper returns a
Original file line number	Diff line number	Diff line change
`@@ -10536,7 +10536,7 @@ static int test_tls_ext_word16_overflow(void)`
`10536`	`10536`	`* total extensions length in TLSX_GetRequestSize is exactly`
`10537`	`10537`	`* WOLFSSL_MAX_16BIT - OPAQUE16_LEN (0xFFFD) before the OPAQUE16_LEN`
`10538`	`10538`	* block-prefix adjustment, which must succeed. This pins the `>`
`10539`		- * comparison in the overflow check — mutating it to `>=` would
	`10539`	+ * comparison in the overflow check -- mutating it to `>=` would
`10540`	`10540`	`* incorrectly reject this valid case and fail this test. */`
`10541`	`10541`	`{`
`10542`	`10542`	`WOLFSSL_CTX* ctx2 = NULL;`