MongoDB 4.4.7 fails to start when provided an X.509 certificate whose subject name is empty. Windows provides us with the number of subject name RDNs as an unsigned integer, from which we subtract 1. The arithmetic on value line is going to be on unsigned 32bit types. Unsigned arithmetic has defined over/underflow semantics. 0 - 1 will evaluate to a large number which can be correctly assigned to i.