It's not undefined behavior, but it is implementation-defined behavior [0]:
Indirection through an invalid pointer value and passing an invalid pointer value to a deallocation function have undefined behavior. Any other use of an invalid pointer value has implementation-defined behavior.
cppreference.com hosts references for both the C and C++ languages. My quote is from the C language part of the site.
Furthermore, we are not discussing operations on an invalid pointer value. We are talking about the addition operator operating with a pointer value and when its behaviour is defined.
Lastly, it is your reference here that is to a C++ language draft, not the C language.
What is the difference between "operations with an invalid pointer value" and "addition operator operating with a pointer value"?
EDIT (since I can't reply yet):
Official C standard documents are surprisingly hard to come by. The only place I've found one was genesis. Here's a direct quote about pointer arithmetic from ISO/IEC 9899: 1990, page 47:
---
When an expression that has integral type is added to or subtracted from a pointer, the result has the type of the pointer operand.
If the pointer operand points to an element of an array object, and the array is large enough, the result points to an element offset from the original element such that the difference of the subscripts of the resulting and original array elements equals the integral expression. In other words, if the expression P points to the i-th element of an array object, the expressions (P)+N (equivalently. N+(P) ) and (P)-N (where N has the value n) point to, respectively, the i+n-th and i-n-th elements of the array object, provided they exist.
Moreover, if the expression P points to the last element of an array object, the expression (P)+1 points one past the last element of the array object, and if the expression Q points one past the last element of an array object, the expression (Q)-1 points to the last element of the array object.
If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined.
Unless both the pointer operand and the result point to elements of the same array object, or the pointer operand points one past the last element of an array object and the result points to an element of the same array object, the behavior is undefined if the result is used as an operand of the unary * operator.
---
Maybe I just suck at reading technical documents, but I can't figure out which part says that storing an invalid pointer is undefined behavior. Would you care to point it out for me?
If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined.
This is that part that says the result of addition is undefined unless both the original pointer and the result point to the same array object (or one past the last element).
In case it's not obvious how this can happen, it's because the promotion rules can turn them into signed ints, and if they're big enough the product can overflow that. For more details, see https://cryptoservices.github.io/fde/2018/11/30/undefined-be...
In our example here the argument `pfds` to the addition operator in the expression `pfds + p` is (presumably) a perfectly valid pointer. And `p` is a perfectly valid `int`. So there are no invalid pointers passed as arguments to the addition operation. You might think the result of the addition expression is an invalid pointer, but the result is simply undefined behaviour.
Typically an invalid pointer is created by deallocating some memory, which transforms previously valid pointers to the memory into invalid pointers without the pointer values themselves changing their value.
Also note that you've quoted C++ reference. Just another example of where C++ stops being "compatible" with C.