Hello, I've been working on Bitmapset and while creating a test suite for it I found that there is a missing bounds check in bms_prev_member(). The function takes the prevbit argument and converts it to an index into the words array using WORDNUM() without checking to ensure that prevbit is within the bounds of the possible values (e.g. nwords * BITS_PER_BITMAPWORD) in the set. This means that $subject resulting in a confusing return value when the expected value should be the highest bit set.
The patch attached adds a bounds check preventing this. -greg
v1-0001-Prevent-bms_prev_member-from-reading-beyond-the-e.patch
Description: Binary data
