https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119132
--- Comment #11 from Jakub Jelinek <jakub at gcc dot gnu.org> ---

The -fsanitize=undefined sanitizers diagnose undefined behavior, which &p->array[size] is not. And even as an extension, diagnosing it would be pointless, all non-trivial codebases have tons of such uses, I'm sure even the kernel has thousands of those.

As mentioned in C99 6.5.3.2/3, there is no difference between &p->array[size] and &p->array[0] + size at the language level:

"Similarly, if the operand is the result of a [] operator, neither the & operator nor the unary * that is implied by the [] is evaluated and the result is as if the & operator were removed and the [] operator were changed to a + operator."

plus 6.5.2.1/2 definition of [] operator:

"The definition of the subscript operator [] is that E1[E2] is identical to (*((E1)+(E2))). Because of the conversion rules that apply to the binary + operator, if E1 is an array object (equivalently, a pointer to the initial element of an array object) and E2 is an integer, E1[E2] designates the E2-th element of E1 (counting from zero)."
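
The equivalence cited in the comment above, as an added C example that is not part of the bug report or of the commenter's text: it forms the one-past-the-end pointer both ways and uses it only as a loop sentinel, never dereferencing it. The struct `buf` and the helpers `buf_new`, `end_subscript`, `end_plus`, `buf_sum` and `check` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical struct for illustration; not from the bug report. */
struct buf {
    size_t size;   /* number of elements in array[] */
    int array[];   /* flexible array member */
};

/* Allocate n elements holding 1..n (constructed sample data). */
static struct buf *buf_new(size_t n)
{
    struct buf *p = malloc(sizeof *p + n * sizeof p->array[0]);
    if (!p)
        return NULL;
    p->size = n;
    for (size_t i = 0; i < n; i++)
        p->array[i] = (int)(i + 1);
    return p;
}

/* Subscript form: neither & nor the implied * is evaluated. */
static int *end_subscript(struct buf *p) { return &p->array[p->size]; }

/* The + form that 6.5.3.2/3 says the subscript form is treated as. */
static int *end_plus(struct buf *p) { return &p->array[0] + p->size; }

/* Typical use: the end pointer is compared against, never dereferenced. */
static long buf_sum(struct buf *p)
{
    long total = 0;
    for (int *it = p->array, *end = end_subscript(p); it != end; ++it)
        total += *it;
    return total;
}

/* 1 if both forms agree and the sum is n(n+1)/2, 0 if not, -1 on OOM. */
static int check(size_t n)
{
    struct buf *p = buf_new(n);
    if (!p)
        return -1;
    int ok = end_subscript(p) == end_plus(p)
          && buf_sum(p) == (long)(n * (n + 1) / 2);
    free(p);
    return ok;
}

int main(void) { return !(check(0) == 1 && check(8) == 1); }
```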