compression/huffman: tighten bit_len checks (fix SUSE -O3 build)

The struct write_context bit_len attribute is always between 0 and 31,
but if the next patches are applied without this, SUSE GCC -O3 will
worry thusly:

 ../../lib/compression/lzxpress_huffman.c: In function
  ‘lzxpress_huffman_compress’:
 ../../lib/compression/lzxpress_huffman.c:953:5: error: assuming signed
  overflow does not occur when simplifying conditional to constant
  [-Werror=strict-overflow]
   if (wc->bit_len > 16) {
         ^
         cc1: all warnings being treated as errors

Inspection tell us that the invariant holds. Nevertheless, we can
safely use an unsigned type and insist that over- or under- flow is
bad.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/lib/compression/lzxpress_huffman.c b/lib/compression/lzxpress_huffman.c
index ee3eb272fc039a932806baf9f4ab59aec6ea6b9c..7dd91f687fe79723fb8b60d5e0609549181035e1 100644 (file)
--- a/lib/compression/lzxpress_huffman.c
+++ b/lib/compression/lzxpress_huffman.c
@@ -928,7 +928,7 @@ struct write_context {
        size_t head;                 /* where lengths go */
        size_t next_code;            /* where symbol stream goes */
        size_t pending_next_code;    /* will be next_code */
-       int bit_len;
+       unsigned bit_len;
        uint32_t bits;
 };
 
@@ -953,7 +953,8 @@ static inline bool write_bits(struct write_context *wc,
        if (wc->bit_len > 16) {
                uint32_t w = wc->bits >> (wc->bit_len - 16);
                wc->bit_len -= 16;
-               if (wc->next_code + 2 > wc->dest_len) {
+               if (wc->next_code + 2 > wc->dest_len ||
+                   unlikely(wc->bit_len > 16)) {
                        return false;
                }
                wc->dest[wc->next_code] = w & 0xff;