https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119132
--- Comment #4 from Kees Cook <kees at outflux dot net> ---
(In reply to Andrew Pinski from comment #2)
> Take the address of one outside of the array is valid and well defined.
>
> That is:
> &p->array[3];
>
> is always valid and well defined.

This isn't about taking the address -- it's about calculating the address. The _bounds_ sanitizer should be checking the array index. 3 is out of bounds. And it sees that 4 is out of bounds.

> But then you need address sanitizer to see that dereferencing the pointer is
> invalid.

That specifically wouldn't work here because the pointer _is_ valid. I included enough space in the calloc() for that to be valid. It's the indexing past the array size that is the problem.
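
The distinction drawn in the comment above, between an index check against the declared array size and a check that the access stays inside the allocation, shown as an added example that is not code from the bug report. The `struct obj` layout, the `DECLARED` and `EXTRA` sizes and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define DECLARED 3   /* constructed: declared element count of the array */
#define EXTRA    4   /* constructed: extra ints allocated past the struct */

struct obj {         /* hypothetical layout, not the bug's test case */
    int count;
    int array[DECLARED];
};

/* What a bounds check looks at: the index against the declared array size. */
static int index_in_declared_bounds(size_t idx)
{
    return idx < DECLARED;
}

/* What an allocation-based check looks at: does the access stay inside the
 * block returned by calloc()? Computed from offsets, so no out-of-bounds
 * pointer is ever formed. */
static int access_in_allocation(size_t alloc_size, size_t idx)
{
    size_t start = offsetof(struct obj, array) + idx * sizeof(int);
    return start + sizeof(int) <= alloc_size;
}

static size_t alloc_size(void)
{
    return sizeof(struct obj) + EXTRA * sizeof(int);
}

int main(void)
{
    size_t size = alloc_size();
    struct obj *p = calloc(1, size);
    if (!p)
        return 1;
    for (size_t idx = 2; idx <= 4; idx++)
        printf("index %zu: declared bounds %s, allocation %s\n", idx,
               index_in_declared_bounds(idx) ? "ok" : "VIOLATED",
               access_in_allocation(size, idx) ? "ok" : "VIOLATED");
    free(p);
    return 0;
}
```

Indices 3 and 4 both fail the declared-bounds check while remaining inside the allocation, which is why an allocation-based check alone would not report them.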