From e02f313b1f251ccb363ae1ac24016d87c1be9009 Mon Sep 17 00:00:00 2001
From: Tim Ruffing
Date: Sun, 17 Oct 2021 12:02:10 +0200
Subject: [PATCH] Add comment on length checks when parsing ECDSA sigs

I claim the check can be removed but I don't want to touch this stable and well-tested code.

On the way, we fix grammar in another comment.
---
 src/ecdsa_impl.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ecdsa_impl.h b/src/ecdsa_impl.h
index a75a0883..2aeb6f3a 100644
--- a/src/ecdsa_impl.h
+++ b/src/ecdsa_impl.h
@@ -79,8 +79,7 @@ static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const
 }
 if (lenleft > sizeof(size_t)) {
 /* The resulting length would exceed the range of a size_t, so
- * certainly longer than the passed array size.
- */
+ * it is certainly longer than the passed array size. */
 return 0;
 }
 while (lenleft > 0) {
@@ -89,7 +88,9 @@ static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const
 lenleft--;
 }
 if (*len > (size_t)(sigend - *sigp)) {
- /* Result exceeds the length of the passed array. */
+ /* Result exceeds the length of the passed array.
+ (Checking this is the responsibility of the caller but it
+ can't hurt do it here, too.) */
 return 0;
 }
 if (*len < 128) {
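Review bot: The new comment on the `*len > (size_t)(sigend - *sigp)` branch in the second hunk is missing a word: `can't hurt do it here, too` should read `can't hurt to do it here, too`. It also calls the bound check the caller's responsibility without naming which caller check makes it redundant, which a later reader could take as permission to drop a guard that, as far as this hunk shows, is the only thing keeping a decoded `*len` within the remaining input; I would phrase it as `/* Result exceeds the length of the passed array. (The caller is expected to check this as well, but the check is kept here as a defensive bound on *len.) */`. The `(size_t)` cast on `sigend - *sigp` is only meaningful if `*sigp <= sigend` is established before the preceding loop, which is outside the hunk, so that invariant is worth confirming. secp256k1_der_read_len begins and ends outside both hunks.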