On Wed, 9 Apr 2025 at 15:01, Ranier Vilela <ranier...@gmail.com> wrote: > > Hi. > > Per Coverity. > > CID 1608872: (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) > 32. negative_returns: bms_next_member(child_joinrel->relids, -1) is passed to > a parameter that cannot be negative.[show details] > > CID 1608871: (#1 of 1): Out-of-bounds access (OVERRUN) > 32. overrun-buffer-arg: Calling add_child_eq_member with > cur_ec->ec_childmembers and bms_next_member(child_joinrel->relids, -1) is > suspicious because of the very large index, 4294967294. The index may be due > to a negative parameter being interpreted as unsigned. > > Coverity has two new reports about use of the function *bms_next_member*. > I think that he is right. > > The function bms_next_member can return NEGATIVE. > So it is necessary to validate the function's return.
I don't know much about the planner, but I would expect a RelOptInfo's relids field to always contain at least one relid when it's not currently being constructed; thus guaranteeing a non-negative result when looking for the first bit (as indicated by "next bit after -1"). Or did I miss something? Kind regards, Matthias van de Meent Neon (https://neon.tech)
