diff --git a/library/core/src/str/lossy.rs b/library/core/src/str/lossy.rs
index d2dc650910f63..d3aff090fb6e8 100644
--- a/library/core/src/str/lossy.rs
+++ b/library/core/src/str/lossy.rs
@@ -102,6 +102,10 @@ impl<'a> Utf8Chunk<'a> {
     #[must_use]
     #[stable(feature = "utf8_chunks", since = "1.79.0")]
     pub fn invalid(&self) -> &'a [u8] {
+        // SAFETY: The invariant that `self.invalid.len() <= 3` is upheld by
+        // the implementation of `Utf8Chunks::next()`, which is the only way to
+        // construct a `Utf8Chunk`.
+        unsafe { crate::hint::assert_unchecked(self.invalid.len() <= 3) };
         self.invalid
     }
 }
@@ -286,6 +290,9 @@ impl<'a> Iterator for Utf8Chunks<'a> {
         // `valid_up_to = i` and `i` only increases.
         let (valid, invalid) = unsafe { inspected.split_at_unchecked(valid_up_to) };
 
+        // In UTF-8, the longest possible invalid sequence is 3 bytes long.
+        debug_assert!(invalid.len() <= 3);
+
         Some(Utf8Chunk {
             // SAFETY: All bytes up to `valid_up_to` are valid UTF-8.
             valid: unsafe { from_utf8_unchecked(valid) },