https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110527
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> --- As mentioned, ASan can reliably detect out of bounds accesses into the fairly small redzone around variables, for out of bounds accesses with larger distance it is a lottery whether one hits some other variable or whatever other valid memory or something marked as inaccessible (another redzone etc.). -fsanitize=undefined detects this out of bounds access and you can use both at the same time, -fsanitize=address,undefined or just -fsanitize=address,bounds
