RtlLongLongSub - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTINTSAFE_H_INCLUDED_
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM | WINAPI_PARTITION_GAMES)
/////////////////////////////////////////////////////////////////////////
//
// signed operations
//
// Strongly consider using unsigned numbers.
//
// Signed numbers are often used where unsigned numbers should be used.
// For example file sizes and array indices should always be unsigned.
// (File sizes should be 64bit integers; array indices should be size_t.)
// Subtracting a larger positive signed number from a smaller positive
// signed number with RtlIntSub will succeed, producing a negative number,
// that then must not be used as an array index (but can occasionally be
// used as a pointer index.) Similarly for adding a larger magnitude
// negative number to a smaller magnitude positive number.
//
// intsafe.h does not protect you from such errors. It tells you if your
// integer operations overflowed, not if you are doing the right thing
// with your non-overflowed integers.
//
// Likewise you can overflow a buffer with a non-overflowed unsigned index.
//
#if defined(ENABLE_INTSAFE_SIGNED_FUNCTIONS)

//
// RtlLongLongSub
//
_Must_inspect_result_
__inline
NTSTATUS
RtlLongLongSub(
    _In_ LONGLONG llMinuend,
    _In_ LONGLONG llSubtrahend,
    _Out_ _Deref_out_range_(==, llMinuend - llSubtrahend) LONGLONG* pllResult
    )
{
    NTSTATUS status;
    LONGLONG llResult = llMinuend - llSubtrahend;

    //
    // Subtracting a positive number from a positive number never overflows.
    // Subtracting a negative number from a negative number never overflows.
    // If you subtract a negative number from a positive number, you expect a positive result.
    // If you subtract a positive number from a negative number, you expect a negative result.
    // Overflow if inputs vary in sign and the output does not have the same sign as the first input.
    //
    if (((llMinuend < 0) != (llSubtrahend < 0)) &&
        ((llMinuend < 0) != (llResult < 0)))
    {
        *pllResult = LONGLONG_ERROR;
        status = STATUS_INTEGER_OVERFLOW;
    }
    else
    {
        *pllResult = llResult;
        status = STATUS_SUCCESS;
    }

    return status;
}

#endif
#endif
#endif

// ntintsafe.h

NTSTATUS RtlLongLongSub(
  [in]  LONGLONG llMinuend,
  [in]  LONGLONG llSubtrahend,
  [out] LONGLONG *pllResult
);

NtDoc

No description available.

Windows Driver Kit DDI reference (nf-ntintsafe-rtllonglongsub)

RtlLongLongSub function

Description

Subtracts one value of type LONGLONG from another.

Parameters

llMinuend [in]

The value from which llSubtrahend is subtracted.

llSubtrahend [in]

The value to subtract from llMinuend.

pllResult [out]

A pointer to the result. If the operation results in a value that overflows or underflows the capacity of the type, the function returns STATUS_INTEGER_OVERFLOW and this parameter is not valid.

Return value

Returns STATUS_SUCCESS if the operation is successful.

See the implementation of this helper function in ntintsafe.h in the WDK for possible error return values.

Remarks

This is one of a set of inline functions designed to provide arithmetic operations and perform validity checks with minimal impact on performance.
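The header comment's warning, as an added example (not code from ntintsafe.h or from this page): a subtraction that reports success can still produce a negative value, which the caller must reject before using it as a length or index. `ll_sub` is a portable stand-in for RtlLongLongSub with plain integer return codes in place of NTSTATUS, and `bytes_remaining` is a hypothetical caller.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Portable stand-in for RtlLongLongSub (assumption: not the WDK code).
   Same sign test as the header; the difference is taken in unsigned
   arithmetic so the wraparound does not rely on signed overflow. */
static int ll_sub(int64_t minuend, int64_t subtrahend, int64_t *result)
{
    int64_t diff = (int64_t)((uint64_t)minuend - (uint64_t)subtrahend);

    if (((minuend < 0) != (subtrahend < 0)) && ((minuend < 0) != (diff < 0))) {
        *result = -1;   /* error sentinel chosen for this example */
        return -1;      /* stands in for STATUS_INTEGER_OVERFLOW */
    }
    *result = diff;
    return 0;           /* stands in for STATUS_SUCCESS */
}

/* Hypothetical caller: bytes between a cursor and an end offset, both
   signed 64-bit values from untrusted input, for a buffer of buf_len. */
static int bytes_remaining(int64_t end, int64_t cursor, size_t buf_len, size_t *out)
{
    int64_t diff;

    if (ll_sub(end, cursor, &diff) != 0)
        return -1;      /* the subtraction itself overflowed */
    if (diff < 0)
        return -2;      /* no overflow, yet not usable as a length */
    if ((uint64_t)diff > buf_len)
        return -3;      /* in range for LONGLONG, past the buffer */
    *out = (size_t)diff;
    return 0;
}

int main(void)
{
    size_t n = 0;

    printf("%d\n", bytes_remaining(100, 40, 64, &n));         /* accepted */
    printf("%d\n", bytes_remaining(40, 100, 64, &n));         /* negative */
    printf("%d\n", bytes_remaining(100, 0, 64, &n));          /* too long */
    printf("%d\n", bytes_remaining(INT64_MAX, -1, 64, &n));   /* overflow */
    return 0;
}
```

Only the last call is caught by the overflow check; the second and third pass it and are stopped by the caller's own range checks.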

This function uses the following alternate name: