Indeed, otherwise the CVE database wouldn't be full of exploits due to off-by-ones memory corruption issues.

By the way, it is sooo easy to test for them,

https://googleprojectzero.blogspot.com/2021/12/this-shouldnt...