@@ -3566,6 +3566,14 @@ _int_malloc (mstate av, size_t bytes)
while ((pp = catomic_compare_and_exchange_val_acq (fb, victim->fd, victim)) \
!= victim); \
+ /* _int_malloc can be inlined to a caller with a constant size
+ argument. In this case, the compiler will see an out-of-bounds
+ array access in the true branch of the if statement below if it
+ cannot show that global_max_fast cannot be larger than
+ MAX_FAST_SIZE. The assert shows the compiler that this cannot
+ happen. */
+ assert (!__builtin_constant_p (nb) || global_max_fast <= MAX_FAST_SIZE);
+
if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ()))
{
idx = fastbin_index (nb);