https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105592
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> --- Note, the -fsanitize=bounds instrumentation is done when taking the address, at that point the compiler doesn't know if it will be dereferenced or not, and especially with -O0 it won't at all. As #c2 says, this may then be caught in ASan instead. Or when optimizing -fsanitize=object-size can catch that too. Or if you just return a[1];
