https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105405
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I think that is just a misunderstanding of how ASan works and what it can protect. It adds a red zone around vars, so that an access right after the end of a var or before the start of a var is reported. But the red zone is quite small and needs to be if we don't want to blow the whole stack, so if the overflow is farther away and you are unlucky enough to reach another var, it won't be diagnosed. -fsanitize=undefined
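
The red-zone behaviour described in the comment above, as an added example that is not part of the bug report or of GCC's code: a byte-level model of an instrumented stack frame, classifying an out-of-bounds index as reported or silently missed. The 32-byte red zone, the frame layout and all names (`add_var`, `check_access`, `demo_access`) are assumptions for illustration; real ASan tracks poisoning in shadow memory and its layout depends on the compiler.

```c
#include <stdio.h>
#include <string.h>

#define REDZONE 32      /* assumed red-zone size, for illustration only */
#define FRAME_MAX 512
enum verdict { IN_BOUNDS, REPORTED, MISSED, OUTSIDE_FRAME };

struct frame {
    unsigned char owner[FRAME_MAX]; /* 0 = poisoned red zone, else var id */
    int start[4];                   /* frame offset where each var begins */
    int len, nvars;
};

static void add_redzone(struct frame *f) {
    memset(f->owner + f->len, 0, REDZONE);
    f->len += REDZONE;
}

/* Place a variable with a red zone after it; returns its 1-based id. */
static int add_var(struct frame *f, int size) {
    int id = ++f->nvars;
    if (f->len == 0) add_redzone(f);    /* red zone before the first var */
    f->start[id] = f->len;
    memset(f->owner + f->len, id, (size_t)size);
    f->len += size;
    add_redzone(f);
    return id;
}

/* Classify a one-byte access to var[index] against the poison map. */
static enum verdict check_access(const struct frame *f, int id, int index) {
    int off = f->start[id] + index;
    if (off < 0 || off >= f->len) return OUTSIDE_FRAME;
    if (f->owner[off] == 0) return REPORTED;          /* poisoned: diagnosed */
    return f->owner[off] == id ? IN_BOUNDS : MISSED;  /* other var: silent */
}

/* Constructed frame: char buf[16] followed by char other[64]. */
enum verdict demo_access(int index) {
    struct frame f = {0};
    int buf = add_var(&f, 16);
    add_var(&f, 64);
    return check_access(&f, buf, index);
}

int main(void) {
    int idx[] = {15, 16, 47, 48, 112};
    for (int i = 0; i < 5; i++)
        printf("buf[%d] -> verdict %d\n", idx[i], demo_access(idx[i]));
    return 0;
}
```

In this model `buf[16]` through `buf[47]` land in the red zone and are reported, while `buf[48]` skips past it into `other` and goes undiagnosed.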