From 204eb96d2f2d46250362ec5901fdfcbafbcd9fbd Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 14 Oct 2025 16:29:15 -0500
Subject: [PATCH] src/ssl.c: fix overflow/overrun defect in wolfSSL_writev().
---
 src/ssl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 9241ae5c1..0f0f5a5ad 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11549,15 +11549,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 #endif
 byte* myBuffer = staticBuffer;
 int dynamic = 0;
- word32 sending = 0;
- int idx = 0;
+ size_t sending = 0;
+ size_t idx = 0;
 int i;
 int ret;
 WOLFSSL_ENTER("wolfSSL_writev");
 for (i = 0; i < iovcnt; i++)
- sending += iov[i].iov_len;
+ if (! WC_SAFE_SUM_UNSIGNED(size_t, sending, iov[i].iov_len,
+ sending))
+ return BUFFER_E;
 if (sending > sizeof(staticBuffer)) {
 myBuffer = (byte*)XMALLOC(sending, ssl->heap,
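Review bot: The `WC_SAFE_SUM_UNSIGNED` check in the summing loop rejects only a total that wraps `size_t`, so a total larger than `INT_MAX` still passes and is handed to `XMALLOC(sending, ...)`, even though the function keeps its result in `int ret`. If the write call further down (outside this hunk) takes an `int` length, the `size_t` total would narrow there; an explicit cap right after the loop closes that gap, e.g. `if (sending > (size_t)INT_MAX) return BUFFER_E;`. The loop is also unbraced around a three-line `if`, so bracing both the `for` and the `if` would keep a later edit from silently landing outside the loop. The function body starts before and continues past this hunk, so the copy loop that uses `idx` and any validation of `iov`/`iovcnt` are not visible here.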