https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95279
Jakub Jelinek <jakub at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> --- There is nothing wrong on addition of -1, whether signed or cast to size_t/uintptr_t, to a pointer, so if clang diagnoses that, it is buggy. When the pointer points to start of some object, the addition of -1 can be wrong, sure, but that isn't something in the testcase you've posted, there is nothing to argue about it because you've used a constant, nor could be e.g. if the pointer is initialized in some other function etc. That isn't something the undefined behavior sanitizer can diagnose, for that something needs to track the object boundaries at runtime (like e.g. -fsanitize=address does). typedef __SIZE_TYPE__ size_t; char * foo (char *p) { size_t s = -1; return p + s; } int main () { char buf[12] = "abcdefghijk"; char *p = foo (p + 1); if (p != &buf[0]) __builtin_abort (); return 0; } seems to confirm clang is buggy, or at least the sanitizer mode they are using here checks something beyond what the standard requires, because this testcase is just fine.