V658. Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly.

The analyzer has detected a potential overrun.

The following operations are executed:

  • some value is being subtracted from an unsigned variable;
  • the result is compared to a certain value (operators <, <=, >, >= are used).

If the subtraction wraps around (unsigned arithmetic never becomes negative; it wraps modulo 2^N), the check result might be different from what the programmer expects.

Consider the simplest case:

unsigned A = ...;
int B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

The programmer believes that this check will protect the code against an array overrun. But this check won't help if A < B.

Let A = 3 and B = 5.

Under the usual arithmetic conversions of both C and C++, the signed operand B is converted to "unsigned int" before the subtraction, so the "A - B" expression has the "unsigned int" type. Then (for 32-bit "unsigned int"):

0x00000003u - 0x00000005u = 0xFFFFFFFEu

It means that "A - B" will equal 0xFFFFFFFEu. This number is greater than one, so the check passes, and memory far outside the array's boundaries will be addressed.

There are two ways to fix the code. First, we may use variables of signed types to participate in calculations:

intptr_t A = ...;
intptr_t B = ...;
if (A - B > 1)
  Array[A - B] = 'x';

Second, we can change the condition. How exactly it should be done depends on the result we want to get and the input values. Note that in the comparison "A > B + 1" the signed expression "B + 1" is also converted to "unsigned int", so this variant is only correct when B >= 0 (and B + 1 does not overflow). If B >= 0, we just need to write the following code:

unsigned A = ...;
int B = ...;
if (A > B + 1)
  Array[A - B] = 'x';
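The following program is an added example (it is not part of the PVS-Studio documentation) that puts the three checks from this page side by side: the original unsigned subtraction that V658 warns about, the signed-type fix, and the reordered comparison. It also adds a fourth guard, an assumption of this example rather than something the page states, which additionally bounds the index against the array size, since none of the page's checks limit A - B from above. The buffer size of 16 and the sample values A = 3, B = 5 are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed buffer size for the example (not from the page). */
enum { ARRAY_SIZE = 16 };

/* The pattern V658 warns about: A is unsigned, so B is converted to
   unsigned and A - B wraps around when A < B. With A = 3, B = 5 the
   difference becomes UINT_MAX - 1, and the "> 1" check passes. */
static bool accepts_index_unsigned(unsigned A, int B) {
    return A - B > 1;
}

/* Raw value of the wrapped subtraction, for inspection. */
static unsigned wrapped_difference(unsigned A, int B) {
    return A - B;
}

/* Fix 1 from the page: do the arithmetic in a signed type, so 3 - 5 is
   -2 and the check correctly fails. */
static bool accepts_index_signed(intptr_t A, intptr_t B) {
    return A - B > 1;
}

/* Fix 2 from the page: reorder the comparison so nothing is subtracted
   from the unsigned operand. Only valid for B >= 0, as the page notes. */
static bool accepts_index_reordered(unsigned A, int B) {
    return A > B + 1;
}

/* Added guard (assumption of this example): reject negative B, require
   A - B > 1 without subtracting, and keep the index inside the array. */
static bool index_in_bounds(unsigned A, int B) {
    if (B < 0)
        return false;
    if (A <= (unsigned)B + 1)          /* equivalent to A - B > 1, no wrap */
        return false;
    return A - (unsigned)B < ARRAY_SIZE;
}

int main(void) {
    char Array[ARRAY_SIZE] = {0};
    unsigned A = 3;
    int B = 5;

    printf("A - B (unsigned) = 0x%08X\n", wrapped_difference(A, B));
    printf("unsigned check accepts:  %d\n", accepts_index_unsigned(A, B));
    printf("signed check accepts:    %d\n", accepts_index_signed(A, B));
    printf("reordered check accepts: %d\n", accepts_index_reordered(A, B));
    printf("bounded check accepts:   %d\n", index_in_bounds(A, B));

    /* Only write when the complete guard passes. */
    if (index_in_bounds(A, B))
        Array[A - (unsigned)B] = 'x';
    return 0;
}
```

Compile with warnings enabled (for example "-Wall -Wextra -Wsign-compare"); the mixed signed/unsigned comparisons in the first and third checks are exactly the places a compiler, like V658, will flag for review.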

If the code is correct, you may turn off the diagnostic message for this line using the "//-V658" comment.

This diagnostic is classified as:

You can look at examples of errors detected by the V658 diagnostic.