Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words

On Fri, 15 Aug 2025 at 01:21, Greg Burd <greg@burd.me> wrote:
> I've been working on Bitmapset and while creating a test suite for it I
> found that there is a missing bounds check in bms_prev_member(). The
> function takes the prevbit argument and converts it to an index into the
> words array using WORDNUM() without checking to ensure that prevbit is
> within the bounds of the possible values (e.g. nwords *
> BITS_PER_BITMAPWORD) in the set.  This means that $subject resulting in
> a confusing return value when the expected value should be the highest
> bit set.

There's a comment saying:

 * "prevbit" must NOT be more than one above the highest possible bit that can
 * be set at the Bitmapset at its current size.

So looks like it's the fault of the calling code and not an issue with
bms_prev_member().

David