mirror of https://github.com/postgres/postgres.git synced 2025-10-16 17:07:43 +03:00

Add Asserts to validate prevbit values in bms_prev_member

bms_prev_member() could attempt to access memory outside of the words[]
array in cases where the prevbit was a number < -1 or > a->nwords *
BITS_PER_BITMAPWORD + 1.

Here we add the Asserts to help draw attention to bogus callers so we're
more likely to catch them during development.

In passing, fix wording of bms_prev_member's header comment which talks
about how we expect the callers to ensure only valid prevbit values are
used.

Author: Greg Burd <greg@burd.me>
Reviewed-by: David Rowley <dgrowleyml@gmail.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/2000A717-1FFE-4031-827B-9330FB2E9065%40getmailspring.com
David Rowley
2025-08-15 16:33:07 +12:00
parent 69f75d6714
commit b4632883d4


@@ -1343,7 +1343,7 @@ bms_next_member(const Bitmapset *a, int prevbit)
*
* Returns largest member less than "prevbit", or -2 if there is none.
* "prevbit" must NOT be more than one above the highest possible bit that can
* be set at the Bitmapset at its current size.
* be set in the Bitmapset at its current size.
*
* To ease finding the highest set bit for the initial loop, the special
* prevbit value of -1 can be passed to have the function find the highest
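
Review bot: The header comment touched here documents only the upper limit for "prevbit" ("must NOT be more than one above the highest possible bit"), while the new Assert(prevbit >= -1) in the function body also enforces a lower limit. Suggest stating in the comment that -1 is the only negative value accepted, so the documented contract matches both Asserts.
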
@@ -1379,6 +1379,10 @@ bms_prev_member(const Bitmapset *a, int prevbit)
if (a == NULL || prevbit == 0)
return -2;
/* Validate callers didn't give us something out of range */
Assert(prevbit <= a->nwords * BITS_PER_BITMAPWORD);
Assert(prevbit >= -1);
/* transform -1 to the highest possible bit we could have set */
if (prevbit == -1)
prevbit = a->nwords * BITS_PER_BITMAPWORD - 1;
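
Review bot: Both Asserts sit after the "a == NULL || prevbit == 0" early return, so an out-of-range prevbit passed together with a NULL set returns -2 without being flagged. Assert(prevbit >= -1) does not dereference a and could move above that check so those callers are caught as well. Because these are Asserts, builds without assert checking still perform no range check before words[] is indexed; that matches the commit message's stated aim of catching bogus callers during development, but the out-of-range access the message describes remains possible in such builds.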