The description of the PR is correct in pointing out that the code accepts x and x+p < 2^256 (and similarly y and y+p < 2^256) as valid while it should only accept x and y. I believe the fix should be adding an additional check that validates if x < p && y < p. Putting it all together, I think the following change should be made:
Further to #65
https://github.com/rdubois-crypto/FreshCryptoLib/pull/65#issuecomment-2037277371