INFO: Pointer Subtraction Yields Signed Value (29197)

SUMMARY

When an application subtracts the value of one pointer from another, it uses signed arithmetic. This behavior can be confusing when the pointers differ by more than the size of a signed int value because the subtraction returns a negative result.

This behavior is expected and is documented in the Microsoft C "Language Reference" manual and in the ANSI C Standard.

MORE INFORMATION

Consider the following source code fragment:

long size;
char *ptr1, *ptr2;

if (size < (ptr2 - ptr1))
   ...

On a system where the size of an int is 16-bits, if size is 32,000, ptr1 is 0, and ptr2 is 33,000, then the result of the subtraction is too large to be represented by a signed value and becomes negative. The comparison of size with the result fails, even though ptr1 and ptr2 are farther apart than "size" elements.

This behavior is documented in the "C Language Reference" manual, on page 129 for Microsoft C/C++ version 7.0 and in the "Subtraction (-)" subsection of the "C Additive Operators" section for Microsoft Visual C++, as follows:

When two pointers are subtracted, the difference is converted to a signed integral value by dividing the difference by the size of a value of the type that the pointers address. The size of the integral value is defined by the type ptrdiff_t in the standard include file STDDEF.H.

This is also documented on page 3.3.6 of the November 9, 1987, edition of the Draft Proposed ANSI C Standard, as follows:

The size of the result is implementation-defined, and its type (a signed integral type) is ptrdiff_t defined in the <stddef.h> header. As with any other arithmetic overflow, if the result does not fit in the space provided, the behavior is undefined.

To treat a pointer as an unsigned quantity, cast it to an unsigned, as follows:

long size;
char *ptr1, *ptr2;

if (size < ((unsigned) ptr2 - (unsigned) ptr1))
   ...