Some bounds checks are elided by Apple's compiler and possibly others
Although triggered by a compiler optimization, this is a bug in Cap’n Proto, not the compiler.
To most observers, this code would appear to be correct. However, as it turns out, pointer arithmetic that overflows is undefined behavior under the C standard. As a result, the compiler is allowed to assume that the addition on the first line never overflows.