Identify segmentation fault with valgrind

I have this C++ program:

I have an array of size 2 which I initialize to 0.
Afterwards I am accessing an element out of bounds of the array. However, I am getting any error with valgrind.

I am compiling the code as:

g++ -g test.cpp -o test

And running valgrind with:

valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file="log.txt" ./test


int main() 
{
    int foo[2] = {0};
    std::cout << foo[0] << std::endl;
    foo[5] = 12; // out of bounds

    return 0;
}

The log is:

==3560== Command: ./test
==3560== Parent PID: 3474
==3560== 
==3560== 
==3560== HEAP SUMMARY:
==3560==     in use at exit: 0 bytes in 0 blocks
==3560==   total heap usage: 2 allocs, 2 frees, 73,728 bytes allocated
==3560== 
==3560== All heap blocks were freed -- no leaks are possible
==3560== 
==3560== For lists of detected and suppressed errors, rerun with: -s
==3560== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Should I be getting a segmentation fault error?
Why am I not catching it with valgrind?

Kind regards

> Should I be getting a segmentation fault error?

Irrelevant on if you should, you should not expect to be getting a segmentation fault in case your code is not valid.

Because foo is on stack, it is likely foo + 5 is still inside stack memory region and not inside a protected memory region.

> Why am I not catching it with valgrind?

Valgrind is like a dynamic library that hooks C library calls, mostly for checking malloc dynamic allocation. It has no way of detecting out-of-bounds of arrays on stack.

> what is good tool for this?

Static analysis and code instrumentation. With gcc we have -fanalyzer and -fsanitize=address. There are also clang-check cppcheck etc.

+ g++ -fanalyzer -fsanitize=undefined 1.cpp
1.cpp: In function ‘int main()’:
1.cpp:6:12: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
    6 |     foo[5] = 12; // out of bounds
      |     ~~~~~~~^~~~
  ‘int main()’: events 1-2
    |
    |    4 |     int foo[2] = {0};
    |      |         ^~~
    |      |         |
    |      |         (1) capacity: 8 bytes
    |    5 |     std::cout << foo[0] << std::endl;
    |    6 |     foo[5] = 12; // out of bounds
    |      |     ~~~~~~~~~~~
    |      |            |
    |      |            (2) out-of-bounds write from byte 20 till byte 23 but ‘foo’ ends at byte 8
    |
1.cpp:6:12: note: write of 4 bytes to beyond the end of ‘foo’
    6 |     foo[5] = 12; // out of bounds
      |     ~~~~~~~^~~~
1.cpp:6:12: note: valid subscripts for ‘foo’ are ‘[0]’ to ‘[1]’
+ ./a.out
0
1.cpp:6:10: runtime error: index 5 out of bounds for type 'int [2]'
1.cpp:6:12: runtime error: store to address 0x7ffd904e0d64 with insufficient space for an object of type 'int'
0x7ffd904e0d64: note: pointer points here
  00 20 01 00 00 00 00 00  88 0e 4e 90 fd 7f 00 00  01 00 00 00 00 00 00 00  50 98 23 42 16 7f 00 00
              ^