fix: reject incomplete Huffman trees with max code length > 1

[lilith]

Summary

Fixes #137.

The previous Huffman tree validation in init_tree only rejected incomplete trees when used_symbols > 1. This allowed a single symbol with a code length > 1 (e.g., code length 2 or higher) through validation, even though such a tree doesn't form a valid prefix code. zlib rejects these streams; miniz_oxide accepted them.

Changes

Over-subscription detection: Added an early left < 0 check at each code length step, matching zlib's inftrees.c logic. The previous code only checked completeness after the loop, missing cases where the tree was over-subscribed partway through.

Incomplete tree rejection: Replaced the used_symbols > 1 condition with max_code_len > 1, matching zlib's max != 1 check:

• Code length (hufflen) tables: must always be complete (unchanged)
• Literal/length and distance tables: incomplete codes are allowed only when max_code_len <= 1:
  • max_code_len == 0: all symbols unused (e.g., a distance table with no backreferences)
  • max_code_len == 1: a single symbol with a 1-bit code (e.g., an EOB-only litlen table)
• max_code_len > 1 with an incomplete tree → rejected

Reference

The fix matches zlib's inftrees.c lines 126-133:

left = 1;
for (len = 1; len <= MAXBITS; len++) {
    left <<= 1;
    left -= count[len];
    if (left < 0) return -1;        /* over-subscribed */
}
if (left > 0 && (type == CODES || max != 1))
    return -1;                      /* incomplete set */

Test plan

• Added regression test issue_137_reject_incomplete_litlen_tree with exact vector from miniz_oxide accepts invalid literal/length trees #137
• All 53 existing tests pass (including decompress_empty_dynamic which exercises valid single-symbol incomplete tables)
• Verified the corrupt input from miniz_oxide accepts invalid literal/length trees #137 is rejected by both zlib (via Python zlib.decompress()) and the fixed miniz_oxide

[oyvindln]

Seems good

Thanks for fixing this