Unsigned difference expression compared to zero¶
ID: cpp/unsigned-difference-expression-compared-zero
Kind: problem
Severity: warning
Precision: medium
Tags:
- security
- correctness
- external/cwe/cwe-191
Query suites:
- cpp-security-extended.qls
- cpp-security-and-quality.qls
This rule finds relational comparisons (`<`, `<=`, `>`, `>=`) between the result of an unsigned subtraction and the value 0. Such comparisons are likely to be wrong because an unsigned subtraction can never produce a negative value: when the second operand is larger than the first, the result wraps around to a large positive number instead. The comparison therefore does not test what it appears to: `x - y > 0` is equivalent to `x != y`, `x - y <= 0` is equivalent to `x == y`, `x - y >= 0` is always true, and `x - y < 0` is always false. This is probably not what the programmer intended.
Recommendation¶
If a relational comparison is intended, compare the two operands directly (for example `total < limit` instead of `limit - total > 0`); this needs no subtraction and cannot wrap. Alternatively, perform the subtraction in a signed type wide enough to hold both operands. Casting the unsigned result to a signed type of the same width after the subtraction relies on two's-complement wraparound (well-defined only since C++20, implementation-defined before) and is only correct when the true difference fits in that signed type. If the intention was to test for equality, replace the relational comparison with an equality test.
Example¶
unsigned limit = get_limit();
unsigned total = 0;
while (limit - total > 0) { // wrong: if `total` is greater than `limit` this will underflow and continue executing the loop.
total += get_data();
}
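The following is an added example, not code from the CodeQL documentation or the query itself. It runs the flagged loop against a constructed chunk list (`kChunks`, standing in for successive `get_data()` results) so the wraparound is observable, and places the two corrected forms from the recommendation beside it. All function names and the sample data are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <vector>

// Constructed sample input: the values get_data() would return on each call.
static const std::vector<unsigned> kChunks = {4u, 3u, 2u};

// The pattern the query flags. `limit - total` is unsigned, so once `total`
// exceeds `limit` the subtraction wraps to a large value and `> 0` stays
// true; the condition is really `limit != total`. The index check on `i`
// exists only so that this demonstration terminates once the data runs out.
unsigned consume_with_unsigned_diff(unsigned limit,
                                    const std::vector<unsigned>& chunks) {
    unsigned total = 0;
    std::size_t i = 0;
    while (limit - total > 0) {          // flagged: unsigned difference compared to 0
        if (i == chunks.size()) break;   // demo guard, not part of the pattern
        total += chunks[i++];
    }
    return total;   // with limit == 5: 4, then 7 (past the limit), then 9
}

// Fix 1 (preferred): compare the operands instead of their difference.
// No subtraction is performed, so nothing can wrap.
unsigned consume_with_direct_compare(unsigned limit,
                                     const std::vector<unsigned>& chunks) {
    unsigned total = 0;
    std::size_t i = 0;
    while (total < limit) {
        if (i == chunks.size()) break;
        total += chunks[i++];
    }
    return total;   // with limit == 5: 4, then 7, then the loop stops
}

// Fix 2: if a signed difference is genuinely wanted, widen both operands to
// a signed type that holds every unsigned value (assumed here: 32-bit
// unsigned, 64-bit long long) before subtracting, so the result is exact.
long long signed_remaining(unsigned limit, unsigned total) {
    return static_cast<long long>(limit) - static_cast<long long>(total);
}

// Demonstrates what `x - y > 0` on unsigned operands actually tests:
// it is the same as `x != y` for every pair of values.
bool unsigned_diff_gt_zero_is_ne(unsigned x, unsigned y) {
    return ((x - y) > 0) == (x != y);
}
```

Note that the wraparound is not undefined behaviour, so the default UBSan checks will not report it; clang's `-fsanitize=unsigned-integer-overflow` can flag the wrapping subtraction at run time, and `-Wsign-compare` does not help because both operands are already unsigned.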
References¶
SEI CERT C Coding Standard: INT02-C. Understand integer conversion rules.
Common Weakness Enumeration: CWE-191.