Possible api miuse bms_next_member

Hi.

Per Coverity.

CID 1608872: (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
32. negative_returns: bms_next_member(child_joinrel->relids, -1) is passed
to a parameter that cannot be negative.[show details]

CID 1608871: (#1 of 1): Out-of-bounds access (OVERRUN)
32. overrun-buffer-arg: Calling add_child_eq_member with
cur_ec->ec_childmembers and bms_next_member(child_joinrel->relids, -1) is
suspicious because of the very large index, 4294967294. The index may be
due to a negative parameter being interpreted as unsigned.

Coverity has two new reports about use of the function *bms_next_member*.
I think that he is right.

The function bms_next_member can return NEGATIVE.
So it is necessary to validate the function's return.

Attached has three patchs.

1. src/backend/optimizer/path/equivclass.c
Source of the Coverity report.

Function: add_child_join_rel_equivalences
Check the return of bms_next_member and avoid
continue if return is negative.

2. src/backend/partitioning/partprune.c
Function: make_partition_pruneinfo
Check the return of bms_next_member and avoid look if
targetpart if not found.

3. contrib/postgres_fdw/postgres_fdw.c
Function: postgresBeginForeignScan
Check the return of bms_next_member and abort if fail.

Function: postgresExplainForeignScan
Check the return of bms_next_member and abort if fail.

The patchs are attempts, not definitive fixes.

best regards,
Ranier Vilela