http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #3 from Alexander Potapenko <glider at google dot com> --- GCC emits calls to __strcpy_chk and __strncpy_chk in this test, which happens because of source fortification being on by default on Darwin. In Clang we're passing -D_FORTIFY_SOURCE=0 when compiling with -fsanitize=address. I've checked that manually adding -D_FORTIFY_SOURCE=0 fixes strncpy-overflow-1.c Jack, can you please make the changes in the GCC driver?