From c57dc62362e0f1deb4c29bc725d9f2f73a5376f6 Mon Sep 17 00:00:00 2001
From: "Carl.Zhang"
Date: Thu, 23 Apr 2026 15:47:37 +0800
Subject: [PATCH 1/4] va: reject NULL display in vaGetDisplayWl()

Add a null-pointer check for the display parameter at the entry of vaGetDisplayWl(), returning NULL immediately instead of proceeding to backend initialization which would crash with a null dereference. This aligns the Wayland constructor with the X11 and DRM constructors which already validate their native display/fd arguments early.
Signed-off-by: Carl.Zhang
---
 va/wayland/va_wayland.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/va/wayland/va_wayland.c b/va/wayland/va_wayland.c
index 759b05517..2f4c42cc9 100644
--- a/va/wayland/va_wayland.c
+++ b/va/wayland/va_wayland.c
@@ -116,6 +116,9 @@ vaGetDisplayWl(struct wl_display *display)
 struct VADriverVTableWayland *vtable;
 unsigned int i;
+ if (!display)
+ return NULL;
+
 pDisplayContext = va_newDisplayContext();
 if (!pDisplayContext)
 return NULL;
From f989a2fc2ecbc3682d6706e39b4ade5ac8ae3d74 Mon Sep 17 00:00:00 2001
From: "Carl.Zhang"
Date: Thu, 23 Apr 2026 15:50:39 +0800
Subject: [PATCH 2/4] va: validate inputs in vaSetDriverName() before use

Add CHECK_DISPLAY(dpy) before CTX(dpy) to validate the display handle, and add a NULL check for driver_name before calling strlen(). Without these guards, passing NULL for either argument causes a null-pointer dereference instead of returning a proper error status. This aligns vaSetDriverName() with the validation pattern used by other public APIs in va.c.
Signed-off-by: Carl.Zhang
---
 va/va.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/va/va.c b/va/va.c
index d87661aae..15b3e5212 100644
--- a/va/va.c
+++ b/va/va.c
@@ -627,9 +627,10 @@ VAStatus vaSetDriverName(
 VADriverContextP ctx;
 VAStatus vaStatus = VA_STATUS_SUCCESS;
 char *override_driver_name = NULL;
+ CHECK_DISPLAY(dpy);
 ctx = CTX(dpy);
- if (strlen(driver_name) == 0 || strlen(driver_name) >= 256) {
+ if (!driver_name || strlen(driver_name) == 0 || strlen(driver_name) >= 256) {
 vaStatus = VA_STATUS_ERROR_INVALID_PARAMETER;
 va_errorMessage(dpy, "vaSetDriverName returns %s\n", vaErrorStr(vaStatus));
From 1b73959880417f4d60ae06a5f68e6155ff04d90b Mon Sep 17 00:00:00 2001
From: "Zhang, Xinfeng"
Date: Thu, 23 Apr 2026 22:25:33 +0800
Subject: [PATCH 3/4] Revert "va: validate inputs in vaSetDriverName() before use"

This reverts commit f989a2fc2ecbc3682d6706e39b4ade5ac8ae3d74.
---
 va/va.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/va/va.c b/va/va.c
index 15b3e5212..d87661aae 100644
--- a/va/va.c
+++ b/va/va.c
@@ -627,10 +627,9 @@ VAStatus vaSetDriverName(
 VADriverContextP ctx;
 VAStatus vaStatus = VA_STATUS_SUCCESS;
 char *override_driver_name = NULL;
- CHECK_DISPLAY(dpy);
 ctx = CTX(dpy);
- if (!driver_name || strlen(driver_name) == 0 || strlen(driver_name) >= 256) {
+ if (strlen(driver_name) == 0 || strlen(driver_name) >= 256) {
 vaStatus = VA_STATUS_ERROR_INVALID_PARAMETER;
 va_errorMessage(dpy, "vaSetDriverName returns %s\n", vaErrorStr(vaStatus));
From 6fa5ef4ca66a37a97b27d0337b51901b9e9d6989 Mon Sep 17 00:00:00 2001
From: "Zhang, Xinfeng"
Date: Thu, 23 Apr 2026 22:25:33 +0800
Subject: [PATCH 4/4] Revert "va: reject NULL display in vaGetDisplayWl()"

This reverts commit c57dc62362e0f1deb4c29bc725d9f2f73a5376f6.
---
 va/wayland/va_wayland.c | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/va/wayland/va_wayland.c b/va/wayland/va_wayland.c
index 2f4c42cc9..759b05517 100644
--- a/va/wayland/va_wayland.c
+++ b/va/wayland/va_wayland.c
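Review bot: In the vaSetDriverName() hunk of patch 2/4, the rewritten condition still calls `strlen(driver_name)` twice with no bound, so an over-long or unterminated caller buffer is scanned well past the 256-byte limit the test enforces. Measuring once with a bounded scan gives the same accept/reject result where `strnlen` is available: `size_t len = driver_name ? strnlen(driver_name, 256) : 0;` followed by `if (len == 0 || len >= 256) {`. The literal 256 presumably matches a driver-name buffer size defined elsewhere; a named constant would make that link checkable. The function body starts and ends outside the hunk.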
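Review bot: In the va/va.c hunk of patch 3/4, the restored `if (strlen(driver_name) == 0 || strlen(driver_name) >= 256) {` is reached again with no NULL test, and `ctx = CTX(dpy);` with no display validation. These are the two dereferences that the message of patch 2/4 describes. The revert message gives no reason, and patch 4/4 withdraws the vaGetDisplayWl() check in the same way. If the validation is being dropped on purpose, the message should say why; otherwise keeping `!driver_name ||` at the front of the condition avoids bringing back the crash on a NULL argument. The function body continues outside the hunk.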
@@ -116,9 +116,6 @@ vaGetDisplayWl(struct wl_display *display)
 struct VADriverVTableWayland *vtable;
 unsigned int i;
- if (!display)
- return NULL;
-
 pDisplayContext = va_newDisplayContext();
 if (!pDisplayContext)
 return NULL;