[Scalarizer] Fix out-of-bounds crash (#180359)

When processing an extractelement instruction with an index that exceeds the vector size (e.g., extracting index 2147483647 from a 4-element vector), the scalarizer would calculate an out-of-bounds Fragment index and crash with an assertion failure in `SmallVector::operator[]`. This PR adds a bounds check in `ScalarizerVisitor::visitExtractElementInst` to prevent a crash when the extractelement index is out of bounds. Fixes #179880
2026-02-21 23:25:30 +05:30 · 2026-02-21 23:25:30 +05:30 · 6e0054aa51
commit 6e0054aa51
parent a67bf7d796
2 changed files with 12 additions and 0 deletions
--- a/llvm/lib/Transforms/Scalar/Scalarizer.cpp
+++ b/llvm/lib/Transforms/Scalar/Scalarizer.cpp
@ -1133,6 +1133,8 @@ bool ScalarizerVisitor::visitExtractElementInst(ExtractElementInst &EEI) {

  if (auto *CI = dyn_cast<ConstantInt>(ExtIdx)) {
    unsigned Idx = CI->getZExtValue();
+    if (Idx >= VS->VecTy->getNumElements())
+      return false;
    unsigned Fragment = Idx / VS->NumPacked;
    Value *Res = Op0[Fragment];
    bool IsPacked = VS->NumPacked > 1;
--- a/llvm/test/Transforms/Scalarizer/constant-extractelement.ll
+++ b/llvm/test/Transforms/Scalarizer/constant-extractelement.ll
@ -16,3 +16,13 @@ define i32 @f1(ptr %src, i32 %index) {
  %val2 = extractelement <4 x i32> %val1, i32 3
  ret i32 %val2
 }
+
+; Test that out-of-bounds extractelement doesn't crash the scalarizer.
+define ptr @oob_extract() {
+; ALL-LABEL: @oob_extract(
+; ALL-NEXT:    [[E:%.*]] = extractelement <4 x ptr> zeroinitializer, i32 100
+; ALL-NEXT:    ret ptr [[E]]
+;
+  %E = extractelement <4 x ptr> zeroinitializer, i32 100
+  ret ptr %E
+}