V658. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.


The analyzer has detected a potential overrun.

The following operations are executed:

  • some value is being subtracted from an unsigned variable;
  • the result is compared to a certain value (operators <, <=, >, >= are used).

If an overrun occurs during the subtraction, the check result might be different from what the programmer expects.

Consider the simplest case:

unsigned A = ...;
int B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

The programmer believes that this check will protect the code against an array overrun. But this check won't help if A < B.

Let A = 3 and B = 5;

Then 0x00000003u - 0x00000005i = FFFFFFFEu

The "A - B" expression has the "unsigned int" type according to the C++ standards. It means that "A - B" will equal FFFFFFFEu. This number is higher than one. As a result, memory outside the array's boundaries will be addressed.

There are two ways to fix the code. First, we may use variables of signed types to participate in calculations:

intptr_t A = ...;
intptr_t B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

Second, we can change the condition. How exactly it should be done depends on the result we want to get and the input values. If B >= 0, we just need to write the following code:

unsigned A = ...;
int B = ...;
if (A > B + 1)
  Array[A - B] = 'x';

If the code is correct, you may turn off the diagnostic message for this line using the "//-V658" comment.

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-190.


Bugs Found

Checked Projects
344
Collected Errors
12 970