https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118721
Bug ID: 118721
Summary: &array[-1] not always detected with -fsanitize=undefined
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: pinskia at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Take:

```
int main(void)
{
  char work[20] = {};
  char *b = work;
  b--;
  b[2] = 1;
  if (work[1] != 1)
    __builtin_trap();
  return 0;
}
```

GCC does not detect that after `b--;` b is no longer a valid pointer.
In the original testcase (PR 118720) `b--` is inside a function that gets inlined.

Note clang also does not detect this but it looks like it is only GCC where the undefinedness matters (at least for PR 118720).
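The report shows that forming the pointer `work - 1` is undefined behaviour even though the later access `b[2]` lands back inside the array, and that -fsanitize=undefined does not flag the intermediate pointer. The following is an added example, not code from the bug report or from GCC: it keeps the position as a signed integer offset inside a hypothetical `struct cursor` instead of as a raw pointer, so stepping before the start of the buffer is ordinary arithmetic with no undefined behaviour, and every dereference is bounds-checked explicitly. The `cursor_*` names and the two `example_*` functions are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical cursor type (not from the bug report): the position is a
 * signed offset, never a raw pointer, so moving to -1 is well defined and
 * only dereferences are checked against [0, len). */
struct cursor {
    char *base;
    size_t len;
    ptrdiff_t pos;
};

static void cursor_init(struct cursor *c, char *buf, size_t len)
{
    c->base = buf;
    c->len = len;
    c->pos = 0;
}

/* Moving the cursor is always legal; only dereferencing is checked. */
static void cursor_move(struct cursor *c, ptrdiff_t delta)
{
    c->pos += delta;
}

/* Returns 1 if pos + off lies inside [0, len), 0 otherwise. */
static int cursor_in_bounds(const struct cursor *c, ptrdiff_t off)
{
    ptrdiff_t idx = c->pos + off;
    return idx >= 0 && (size_t)idx < c->len;
}

/* Bounds-checked store. Returns 1 on success, 0 if the index is rejected. */
static int cursor_write(struct cursor *c, ptrdiff_t off, char v)
{
    if (!cursor_in_bounds(c, off))
        return 0;
    c->base[c->pos + off] = v;
    return 1;
}

/* Same sequence as the report's `b--; b[2] = 1;`: the net index is 1 and in
 * bounds, so the write succeeds, but position -1 never becomes a pointer.
 * Returns work[1] (expected 1), or -1 if the write was rejected. */
int example_in_bounds(void)
{
    char work[20];
    struct cursor c;
    memset(work, 0, sizeof work);
    cursor_init(&c, work, sizeof work);
    cursor_move(&c, -1);
    if (!cursor_write(&c, 2, 1))
        return -1;
    return work[1];
}

/* The access the sanitizer is not flagging in the report: a store through
 * index -1 itself. Returns 1 if the explicit check rejected it. */
int example_rejects_negative(void)
{
    char work[20];
    struct cursor c;
    memset(work, 0, sizeof work);
    cursor_init(&c, work, sizeof work);
    cursor_move(&c, -1);
    return cursor_write(&c, 0, 1) == 0;
}

/* Symmetric case: one past the end is also rejected. Returns 1 if rejected. */
int example_rejects_past_end(void)
{
    char work[20];
    struct cursor c;
    memset(work, 0, sizeof work);
    cursor_init(&c, work, sizeof work);
    cursor_move(&c, (ptrdiff_t)sizeof work);
    return cursor_write(&c, 0, 1) == 0;
}
```

Because the check is in the program rather than in the sanitizer, it catches the negative index regardless of whether the decrement was inlined from another function, which is the situation described for PR 118720.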