[master] e4ce8c0 In C enums are integertyped, but it is up to the compiler to decide if they are signed or unsigned.

[Poul-Henning Kamp]

commit e4ce8c019442e7dc8db208ca94cd1fd771276223
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Fri Sep 9 09:13:57 2016 +0000

    In C enums are integertyped, but it is up to the compiler to decide
    if they are signed or unsigned.
    
    Range-check enums is sound programming practice, but that concept
    seems to be beyond the imagination of certain compiler people:
    
       vhp_decode.c:96:2: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits]
    
    Add a dummy "MIN" value to the enum, give it value -1 to force
    the compiler to use signed ints for the enum, and then check
    that they're never negative.

diff --git a/bin/varnishd/hpack/vhp_decode.c b/bin/varnishd/hpack/vhp_decode.c
index 49a0e74..15e05fd 100644
--- a/bin/varnishd/hpack/vhp_decode.c
+++ b/bin/varnishd/hpack/vhp_decode.c
@@ -70,6 +70,7 @@ enum vhd_func_e {
 
 /* States */
 enum vhd_state_e {
+	VHD_S__MIN = -1,
 #define VHD_FSM(STATE, FUNC, arg1, arg2)	\
 	VHD_S_##STATE,
 #include "tbl/vhd_fsm.h"
@@ -93,7 +94,7 @@ static void
 vhd_set_state(struct vhd_decode *d, enum vhd_state_e state)
 {
 	AN(d);
-	assert(state >= 0 && state < VHD_S__MAX);
+	assert(state > VHD_S__MIN && state < VHD_S__MAX);
 	d->state = state;
 	d->first = 1;
 }