compression/huffman: tighten bit_len checks (fix SUSE -O3 build)

The struct write_context bit_len attribute is always between 0 and 31,
but if the next patches are applied without this, SUSE GCC -O3 will
worry thusly:

 ../../lib/compression/lzxpress_huffman.c: In function
  ‘lzxpress_huffman_compress’:
 ../../lib/compression/lzxpress_huffman.c:953:5: error: assuming signed
  overflow does not occur when simplifying conditional to constant
  [-Werror=strict-overflow]
   if (wc->bit_len > 16) {
         ^
         cc1: all warnings being treated as errors

Inspection tell us that the invariant holds. Nevertheless, we can
safely use an unsigned type and insist that over- or under- flow is
bad.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

1 files changed, 3 insertions, 2 deletions

diff --git a/lib/compression/lzxpress_huffman.c b/lib/compression/lzxpress_huffman.c
index ee3eb272fc0..7dd91f687fe 100644
--- a/lib/compression/lzxpress_huffman.c
+++ b/lib/compression/lzxpress_huffman.c
@@ -928,7 +928,7 @@ struct write_context {
 	size_t head;                 /* where lengths go */
 	size_t next_code;            /* where symbol stream goes */
 	size_t pending_next_code;    /* will be next_code */
-	int bit_len;
+	unsigned bit_len;
 	uint32_t bits;
 };
 
@@ -953,7 +953,8 @@ static inline bool write_bits(struct write_context *wc,
 	if (wc->bit_len > 16) {
 		uint32_t w = wc->bits >> (wc->bit_len - 16);
 		wc->bit_len -= 16;
-		if (wc->next_code + 2 > wc->dest_len) {
+		if (wc->next_code + 2 > wc->dest_len ||
+		    unlikely(wc->bit_len > 16)) {
 			return false;
 		}
 		wc->dest[wc->next_code] = w & 0xff;