Comment by rurban

The compiler knows about the sizes by either statically allocated sizes (_FORTIFY_SOURCE=2, __builtin_object_size) or malloc'ed sizes (_FORTIFY_SOURCE=3, __builtin_dynamic_object_size). See e.g. https://developers.redhat.com/articles/2022/09/17/gccs-new-f...

Since the user is mostly wrong with memory bounds, the compiler checks it also. And with clang even allows user-defined warnings.

We all known that C programmers know it better, and hate bounds-checks, that's why there are so many out-of-bounds errors still.