V5005. OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

The analyzer has detected a potential error related to an overflow.

The following operations are executed:

  • some value is subtracted from an unsigned variable;
  • the result is compared to some value (operators <, <=, >, >= are used).

If the overflow occurs during the subtraction, the check result might be different from what the programmer expects.

Here is the simple case:

unsigned A = ...;
int B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

The developer intends the check to protect the code against writing outside the array, but it won't help if 'A < B'.

If A = 3 and B = 5, then 0x00000003u - 0x00000005 (int) = 0xFFFFFFFEu.

According to the C++ standard, 'B' is converted to 'unsigned int' before the subtraction, so the 'A - B' expression has the 'unsigned int' type. It means that 'A - B' will equal '0xFFFFFFFEu'. This number is greater than one, so the check passes and memory outside the array will be accessed.

There are two options to fix the code. First, you can use variables of signed types for calculations:

intptr_t A = ...;
intptr_t B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

Second, you can rewrite the condition; the right form depends on the result you want to get and on the range of the input values. If 'B >= 0' is guaranteed, write the following code:

unsigned A = ...;
int B = ...;
if (A > B + 1)
  Array[A - B] = 'x';
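The wraparound described above and both fixes, as an added C example that is not code from this diagnostic page or from PVS-Studio (the C conversion rules are the same as the C++ ones the text cites). 'Array', 'ARRAY_SIZE' and the helper function names are assumptions made here; the buggy variant performs the store only when its index really lies inside the buffer.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE 16          /* assumed buffer size for the demonstration */
static char Array[ARRAY_SIZE];

/* The expression from the diagnostic. B is converted to unsigned int before
 * the subtraction, so when A < B the result wraps to a huge value instead of
 * becoming negative. */
unsigned unsigned_diff(unsigned A, int B) {
    return A - B;
}

/* The original check: it passes for A < B because the wrapped value is huge. */
bool buggy_check(unsigned A, int B) {
    return A - B > 1;
}

/* Fix 1: do the arithmetic in a signed type wide enough for both operands. */
bool signed_check(intptr_t A, intptr_t B) {
    return A - B > 1;
}

/* Fix 2: keep the types and rearrange the comparison. The comparison converts
 * B + 1 to unsigned as well, so this form is meaningful only for B >= 0. */
bool reordered_check(unsigned A, int B) {
    return A > B + 1;
}

/* Index the buggy code would write to, or -1 when its check rejects the pair.
 * The store happens only when the index is really inside Array, so the
 * demonstration never touches memory outside the buffer. */
long long buggy_index(unsigned A, int B) {
    if (!buggy_check(A, B)) return -1;
    unsigned idx = A - B;
    if (idx < ARRAY_SIZE) Array[idx] = 'x';
    return idx;
}

int main(void) {
    printf("A=3, B=5: A - B = 0x%08Xu; buggy check %s, signed check %s, "
           "reordered check %s\n", unsigned_diff(3, 5),
           buggy_check(3, 5) ? "passes" : "rejects",
           signed_check(3, 5) ? "passes" : "rejects",
           reordered_check(3, 5) ? "passes" : "rejects");
    return 0;
}
```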

If the code is correct, disable the warning for the line using the '//-V5005' comment.

This diagnostic is classified as: