1.2.7.5. alpha.security.ReturnPtrRange (C)
Check for an out-of-bound pointer being returned to callers.

Examples:

static int A[10];

int *test() {
  int *p = A + 10;
  return p; // warn
}

int test(void) {
  int x;
  return x; // warn: undefined or garbage returned
}