V658. Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly.
The analyzer has detected a potential overrun.
The following operations are executed:
- some value is being subtracted from an unsigned variable;
- the result is compared to a certain value (operators <, <=, >, >= are used).
If an overrun occurs during the subtraction, the check result might be different from what the programmer expects.
Consider the simplest case:
unsigned A = ...; int B = ...; if (A - B > 1) Array[A - B] = 'x';
The programmer believes that this check will protect the code against an array overrun. But this check won't help if A < B.
Let A = 3 and B = 5;
Then 0x00000003u - 0x00000005i = FFFFFFFEu
The "A - B" expression has the "unsigned int" type according to the C++ standards. It means that "A - B" will equal FFFFFFFEu. This number is higher than one. As a result, memory outside the array's boundaries will be addressed.
There are two ways to fix the code. First, we may use variables of signed types to participate in calculations:
intptr_t A = ...; intptr_t B = ...; if (A - B > 1) Array[A - B] = 'x';
Second, we can change the condition. How exactly it should be done depends on the result we want to get and the input values. If B >= 0, we just need to write the following code:
unsigned A = ...; int B = ...; if (A > B + 1) Array[A - B] = 'x';
If the code is correct, you may turn off the diagnostic message for this line using the "//-V658" comment.
This diagnostic is classified as:
You can look at examples of errors detected by the V658 diagnostic.