From: Simon Pilgrim <llvm-dev@redking.me.uk>
Date: Wed, 27 Dec 2017 12:00:18 +0000 (+0000)
Subject: [InstCombine] Gracefully handle out of range extractelement indices
X-Git-Tag: android-x86-7.1-r4~6798
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=415d43cb704272c428f60fcc6ae6ca4a9d1eb8c8;p=android-x86%2Fexternal-llvm.git

[InstCombine] Gracefully handle out of range extractelement indices

InstSimplify is responsible for handling these, but we shouldn't just assert here.

Reduced from oss-fuzz #4808 test case

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@321489 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Transforms/InstCombine/InstCombineVectorOps.cpp b/lib/Transforms/InstCombine/InstCombineVectorOps.cpp
index 65a96b96522..aeac8910af6 100644
--- a/lib/Transforms/InstCombine/InstCombineVectorOps.cpp
+++ b/lib/Transforms/InstCombine/InstCombineVectorOps.cpp
@@ -181,11 +181,13 @@ Instruction *InstCombiner::visitExtractElementInst(ExtractElementInst &EI) {
   // If extracting a specified index from the vector, see if we can recursively
   // find a previously computed scalar that was inserted into the vector.
   if (ConstantInt *IdxC = dyn_cast<ConstantInt>(EI.getOperand(1))) {
-    unsigned IndexVal = IdxC->getZExtValue();
     unsigned VectorWidth = EI.getVectorOperandType()->getNumElements();
 
-    // InstSimplify handles cases where the index is invalid.
-    assert(IndexVal < VectorWidth);
+    // InstSimplify should handle cases where the index is invalid.
+    if (!IdxC->getValue().ule(VectorWidth))
+      return nullptr;
+
+    unsigned IndexVal = IdxC->getZExtValue();
 
     // This instruction only demands the single element from the input vector.
     // If the input vector has a single use, simplify it based on this use
diff --git a/test/Transforms/InstCombine/extractelement.ll b/test/Transforms/InstCombine/extractelement.ll
new file mode 100644
index 00000000000..66fbd25947d
--- /dev/null
+++ b/test/Transforms/InstCombine/extractelement.ll
@@ -0,0 +1,11 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt < %s -instcombine -S | FileCheck %s
+
+define i32 @extractelement_out_of_range(<2 x i32> %x) {
+; CHECK-LABEL: @extractelement_out_of_range(
+; CHECK-NEXT:    [[E1:%.*]] = extractelement <2 x i32> [[X:%.*]], i8 16
+; CHECK-NEXT:    ret i32 [[E1]]
+;
+  %E1 = extractelement <2 x i32> %x, i8 16
+  ret i32 %E1
+}