smartlist functions contain bogus overflow checks

In smartlist_ensure_capacity, in src/common/container.c:

  if (size > sl->capacity) {
    int higher = sl->capacity * 2;
    while (size > higher)
      higher *= 2;
    tor_assert(higher > 0); /* detect overflow */

Overflow of a signed integer produces undefined results. I would be surprised if GCC doesn't optimize this comparison out, just for the sake of conjuring nasal demons at people who don't code with a copy of the C ‘standard’ at hand.
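
An overflow check that cannot be optimized away has to run before the multiplication rather than inspect its result. The following is an added example, not code from Tor or from this report: the function name next_capacity and its -1 error convention are hypothetical, and it only covers the capacity-doubling arithmetic shown in the snippet above.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not Tor's code): compute the capacity needed to hold
 * `size` elements by doubling `capacity`, as the loop in the report does.
 * Returns the new capacity, or -1 if the request cannot be represented in
 * an int. No signed overflow is ever evaluated, so the compiler has no
 * undefined behaviour to reason from and the check cannot be dropped. */
int next_capacity(int capacity, int size)
{
  int higher;

  if (capacity <= 0 || size < 0)
    return -1;                 /* reject nonsensical inputs */
  if (size <= capacity)
    return capacity;           /* already large enough */

  higher = capacity;
  while (size > higher) {
    /* Test before multiplying: higher * 2 overflows iff higher > INT_MAX/2. */
    if (higher > INT_MAX / 2)
      return -1;
    higher *= 2;
  }
  return higher;
}

int main(void)
{
  /* Constructed sample inputs. */
  printf("%d\n", next_capacity(16, 17));       /* one doubling */
  printf("%d\n", next_capacity(16, 100));      /* several doublings */
  printf("%d\n", next_capacity(16, INT_MAX));  /* unreachable: reports -1 */
  return 0;
}
```

A caller would treat -1 as a hard failure at the point where the original code asserts.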