Unsigned difference expression compared to zero
ID: cpp/unsigned-difference-expression-compared-zero
Kind: problem
Security severity: 9.8
Severity: warning
Precision: high
Tags:
- security
- correctness
- external/cwe/cwe-191
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
This rule finds relational comparisons between the result of an unsigned subtraction and the value `0`. Such comparisons are likely to be wrong, as the value of an unsigned subtraction can never be negative. So the relational comparison ends up checking whether the result of the subtraction is equal to `0`. This is probably not what the programmer intended.
Recommendation
If a relational comparison is intended, consider casting the result of the subtraction to a signed type. If the intention was to test for equality, consider replacing the relational comparison with an equality test.
Example
```cpp
#include <cstdint>

// Provided elsewhere in the program.
uint32_t get_limit();
uint32_t get_data();

uint32_t limit = get_limit();
uint32_t total = 0;

while (limit - total > 0) { // BAD: if `total` is greater than `limit` this will underflow and continue executing the loop.
  total += get_data();
}

while (total < limit) { // GOOD: never underflows here because there is no arithmetic.
  total += get_data();
}

while ((int64_t)limit - total > 0) { // GOOD: never underflows here because the result always fits in an `int64_t`.
  total += get_data();
}
```
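The following stand-alone C program is an added example, not part of the CodeQL documentation. It wraps the flagged check and the two recommended fixes in predicates, then drives a bounded loop with each of them on constructed inputs (limit 10, step 4) so the wrapped difference and the runaway iteration count can be observed directly.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* BAD: `limit - total` is computed in uint32_t, so when total > limit the
 * result wraps to a large positive value and `> 0` stays true. */
bool bad_has_room(uint32_t limit, uint32_t total) {
    return limit - total > 0;
}

/* GOOD: compare the operands directly; no subtraction, so nothing can wrap. */
bool good_has_room_compare(uint32_t limit, uint32_t total) {
    return total < limit;
}

/* GOOD: widen to int64_t first; every uint32_t difference fits, so the
 * result is genuinely negative when total > limit. */
bool good_has_room_widen(uint32_t limit, uint32_t total) {
    return (int64_t)limit - total > 0;
}

/* The value the BAD check actually compares against 0. */
uint32_t wrapped_difference(uint32_t limit, uint32_t total) {
    return limit - total;
}

/* Drive a loop with one of the predicates above: add `step` until the
 * predicate says stop, or until `max_iter` iterations (the guard that
 * stands in for the runaway loop). Returns the iteration count. */
unsigned simulate_loop(bool (*has_room)(uint32_t, uint32_t),
                       uint32_t limit, uint32_t step, unsigned max_iter) {
    uint32_t total = 0;
    unsigned iterations = 0;
    while (iterations < max_iter && has_room(limit, total)) {
        total += step;
        iterations++;
    }
    return iterations;
}

int main(void) {
    /* Constructed inputs: limit 10, step 4, so total reaches 12 > limit. */
    printf("bad:  %u iterations (stopped only by the cap)\n",
           simulate_loop(bad_has_room, 10, 4, 100));
    printf("good: %u iterations\n", simulate_loop(good_has_room_compare, 10, 4, 100));
    printf("10 - 12 as uint32_t = %lu\n", (unsigned long)wrapped_difference(10, 12));
    return 0;
}
```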
References
SEI CERT C Coding Standard: INT02-C. Understand integer conversion rules.
Common Weakness Enumeration: CWE-191.