https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119132
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> --- Well, the most important one is the C standard, e.g. in C99 in 6.5.6/8 ... If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined. If the result points one past the last element of the array object, it shall not be used as the operand of a unary * operator that is evaluated. See also https://en.cppreference.com/w/c/language/operator_arithmetic#Pointer_arithmetic int *valp = &p->array[size]; is valid, *valp then is UB, but not in scope of the undefined behavior sanitizer, just address sanitizer.
