https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97659
--- Comment #5 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #3)
> That sanitizer diagnoses
> http://eel.is/c++draft/expr.add#5.3
> which still seems UB.

Not since http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p0593r6.html
said that an array of T[n] can be implicitly created in the storage returned
by the allocator.

> Of course there can be bugs on the sanitizer side too; the sanitizer
> generally works by scanning the shadow memory in between the two pointers
> and if it finds an unaccessible byte in there (memory not part of an object,
> e.g. the inter-object redzone), it shall diagnose it.

I think the problem is that the unused capacity at the end of the vector is
marked as inaccessible. We need to flip it to accessible again before doing
that subtraction, then flip it back to inaccessible. Similarly in the
vector::capacity() member function.

Maybe it would be simpler to add the instrumentation in capacity() and then
in the _M_range_insert function shown in comment 0, use
(capacity() - size()) >= n
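The unpoison, subtract, re-poison pattern proposed in this comment, as an added example that is not libstdc++'s code: `__sanitizer_annotate_contiguous_container` is the ASan runtime's real container-annotation hook, while `IntBuf`, `ANNOTATE` and `free_slots_after_three` are assumed names for the illustration.

```cpp
#include <cstddef>
#include <cstdlib>
// ASan container-overflow hook (real runtime entry point). Without
// -fsanitize=address it degrades to a no-op so the example still runs.
#ifndef __has_feature
#  define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
extern "C" void __sanitizer_annotate_contiguous_container(
    const void* beg, const void* end, const void* old_mid, const void* new_mid);
#  define ANNOTATE(beg, end, old_mid, new_mid) \
     __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid)
#else
#  define ANNOTATE(beg, end, old_mid, new_mid) ((void)0)
#endif

// Minimal vector-like buffer (illustrative, not libstdc++'s): [beg, fin) is
// live, [fin, cap_end) is unused capacity that ANNOTATE keeps poisoned.
struct IntBuf {
    int* beg; int* fin; int* cap_end;
    explicit IntBuf(std::size_t cap)
        : beg(static_cast<int*>(std::malloc(cap * sizeof(int)))),
          fin(beg), cap_end(beg + cap) {
        ANNOTATE(beg, cap_end, cap_end, fin);  // poison the whole unused tail
    }
    ~IntBuf() { ANNOTATE(beg, cap_end, fin, cap_end); std::free(beg); }
    std::size_t size() const { return fin - beg; }

    // Comment #5's fix: cap_end - beg would span the poisoned tail, which is
    // the subtraction the sanitizer reports, so unpoison, subtract, re-poison.
    std::size_t capacity() const {
        ANNOTATE(beg, cap_end, fin, cap_end);
        std::size_t n = cap_end - beg;
        ANNOTATE(beg, cap_end, cap_end, fin);
        return n;
    }
    // The check suggested for _M_range_insert, built on the safe capacity().
    bool can_insert(std::size_t n) const { return capacity() - size() >= n; }
    void push_back(int v) {
        if (!can_insert(1)) std::abort();
        ANNOTATE(beg, cap_end, fin, fin + 1);  // expose one more slot
        *fin++ = v;
    }
};
// Free slots left after three insertions into a buffer of `cap` ints.
inline std::size_t free_slots_after_three(std::size_t cap) {
    IntBuf b(cap);
    for (int i = 0; i < 3; ++i) b.push_back(i);
    return b.capacity() - b.size();
}
```

Built with -fsanitize=address, every capacity() call re-exposes the tail only for the duration of the subtraction; without it the ANNOTATE calls compile away.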