Time to retire SIZE_T_CEILING?
Back in a980446d, we added a maximum value for any size_t that we would accept in tor_malloc() or tor_realloc(). If you pass those functions a value greater than SSIZE_MAX - 16, we assume that you probably had an integer underflow or something , and you need to hit an assertion.
But this check is silly, isn't it? malloc() will usually refuse to give you that much memory, and our post-malloc assertion will catch it. On the other hand, if malloc would give you that much memory, then who are we to argue with it?