The C Standard, 6.2.5, paragraph 9 11 [ISO/IEC 9899:20112024], states
A computation involving unsigned operands can never produce an overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting typearithmetic for the unsigned type is performed modulo 2^N .
This behavior is more informally called unsigned integer wrapping. Unsigned integer operations can wrap if the resulting value cannot be represented by the underlying representation of the integer. The following table indicates which operators can result in wrapping:
...
| [Bailey 2014] | Raising Lazarus - The 20 Year Old Bug that Went to Mars |
| [Dowd 2006] | Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223) |
| [ISO/IEC 9899:20112024] | Subclause 6.2.5, "Types" |
| [Seacord 2013b] | Chapter 5, "Integer Security" |
| [Viega 2005] | Section 5.2.7, "Integer Overflow" |
| [VU#551436] | |
| [Warren 2002] | Chapter 2, "Basics" |
| [Wojtczuk 2008] | |
| [xorl 2009] | "CVE-2009-1385: Linux Kernel E1000 Integer Underflow" |
...