It was known that there are going to be bugs to work through, many of them relatively benign like the leaks of data near string constants (probably other string constants) in rodata. It makes sense to have it default to WARN with BUG / noreturn as a non-default configuration option for it, I guess with !COMPILE_TEST like UBSAN_SANITIZE_ALL. I don't think there's any sane way to bound the length of either reads / writes. It needs to either WARN + continue on into doing the overflow or use BUG. Trying to correct it might make things worse and would make this more complicated / bug-prone. It already has enough subtle edge cases to deal with.
I think 'benign' is a better term than 'false positive' because there hasn't been a non-bug found yet. They're mostly not security vulns but they're undefined behavior.
