From cfb3b71815965054dd52a631801bef71e64ad97a Mon Sep 17 00:00:00 2001
From: Kai-Chun Ning <kaichun.ning@gmail.com>
Date: Sun, 15 May 2022 18:15:01 +0200
Subject: [PATCH 1/5] Fix out-of-bound read in memcpy calls

Signed-off-by: Kai-Chun Ning <kaichun.ning@gmail.com>
---
 src/media_drv_gen75_render.c | 2 +-
 src/media_drv_gen8_render.c  | 2 +-
 src/media_drv_hw_g75.c       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/media_drv_gen75_render.c b/src/media_drv_gen75_render.c
index a3d60ff..51b1442 100644
--- a/src/media_drv_gen75_render.c
+++ b/src/media_drv_gen75_render.c
@@ -1453,7 +1453,7 @@ media_drv_gen75_render_init(VADriverContextP ctx)
 
     if (IS_HASWELL (drv_ctx->drv_data.device_id)) {
         memcpy(render_state->render_kernels, render_kernels_gen7_haswell,
-               sizeof(render_state->render_kernels));
+               sizeof(render_kernels_gen7_haswell));
         render_state->render_put_surface = gen7_render_put_surface;
         render_state->render_put_subpicture = gen7_render_put_subpicture;
     } else {
diff --git a/src/media_drv_gen8_render.c b/src/media_drv_gen8_render.c
index 42005ea..da349cc 100644
--- a/src/media_drv_gen8_render.c
+++ b/src/media_drv_gen8_render.c
@@ -1741,7 +1741,7 @@ media_drv_gen8_render_init(VADriverContextP ctx)
     render_state->max_wm_threads = 64;
 
     memcpy(render_state->render_kernels, render_kernels_gen8,
-           sizeof(render_state->render_kernels));
+           sizeof(render_kernels_gen8));
 
     kernel_size = 4096;
 
diff --git a/src/media_drv_hw_g75.c b/src/media_drv_hw_g75.c
index 57eddbd..080cd86 100644
--- a/src/media_drv_hw_g75.c
+++ b/src/media_drv_hw_g75.c
@@ -3325,7 +3325,7 @@ media_set_curbe_vp8_me (VP8_ME_CURBE_PARAMS * params)
   MEDIA_CURBE_DATA_ME *cmd = (MEDIA_CURBE_DATA_ME *) params->curbe_cmd_buff;
 
   media_drv_memcpy (cmd, sizeof (MEDIA_CURBE_DATA_ME), ME_CURBE_INIT_DATA,
-		    sizeof (MEDIA_CURBE_DATA_ME));
+		    sizeof (ME_CURBE_INIT_DATA));
   me_mode =
     params->
     me_16x_enabled ? (params->me_16x ? ME16x_BEFORE_ME4x : ME4x_AFTER_ME16x) :

From e832b35b32435c1b30016ef9a1774736c9f7ee05 Mon Sep 17 00:00:00 2001
From: EiPiFun <132569654+EiPiFun@users.noreply.github.com>
Date: Mon, 17 Jun 2024 11:34:22 +0800
Subject: [PATCH 2/5] Fix vaDriverInit

Direct modification of vaDriverInit_0_34 to VA_DRIVER_INIT_FUNC will make this hybrid driver unable to work with i965 driver.

Add instead of modification will solve this. Then the hybrid driver could work independently or as a plugin for i965.

Sorry for that I am not a arch user and I cannot comment at https://aur.archlinux.org/packages/intel-hybrid-codec-driver-git
---
 src/media_drv_init.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/media_drv_init.c b/src/media_drv_init.c
index 36ddce4..e45adb7 100644
--- a/src/media_drv_init.c
+++ b/src/media_drv_init.c
@@ -2774,4 +2774,13 @@ __vaDriverInit_0_34 (VADriverContextP ctx)
   return ret;
 }
 
+VAStatus DLL_EXPORT VA_DRIVER_INIT_FUNC (VADriverContextP ctx);
+VAStatus
+VA_DRIVER_INIT_FUNC (VADriverContextP ctx)
+{
+  VAStatus ret = VA_STATUS_ERROR_UNKNOWN;
+
+  ret = va_driver_init (ctx);
+  return ret;
+}
 

From 5c19ff97d591dd39d0477fa02b320356dca279a4 Mon Sep 17 00:00:00 2001
From: "Kai-Chun Ning (Github Signing key)" <kaichun.ning@gmail.com>
Date: Wed, 19 Jun 2024 14:37:41 +0200
Subject: [PATCH 3/5] Fix for gcc 10+

---
 src/media_drv_common.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/media_drv_common.h b/src/media_drv_common.h
index cc88a67..0c35ac7 100644
--- a/src/media_drv_common.h
+++ b/src/media_drv_common.h
@@ -39,6 +39,6 @@
 #define BRC_INIT_IGNORE_PICTURE_HEADER_SIZE     0x2000
 #define BRC_INIT_DISABLE_MBBRC                  0x8000
 
-UINT SEARCH_PATH_TABLE[2][8][16];
-UINT ME_CURBE_INIT_DATA[30];
+extern UINT SEARCH_PATH_TABLE[2][8][16];
+extern UINT ME_CURBE_INIT_DATA[30];
 #endif

From 9a416a656999767faf3e9a0b9689282981e11545 Mon Sep 17 00:00:00 2001
From: "Kai-Chun Ning (Github Signing key)" <kaichun.ning@gmail.com>
Date: Wed, 19 Jun 2024 14:39:18 +0200
Subject: [PATCH 4/5] driver_init: load libva-x11.so for any ABI version

---
 src/media_drv_output_dri.c | 10 ++++++++++
 src/media_drv_output_dri.h |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/media_drv_output_dri.c b/src/media_drv_output_dri.c
index 42299b8..bbd9713 100644
--- a/src/media_drv_output_dri.c
+++ b/src/media_drv_output_dri.c
@@ -105,6 +105,15 @@ media_output_dri_init (VADriverContextP ctx)
   struct dri_vtable *dri_vtable;
 
   static const struct dso_symbol symbols[] = {
+#if VA_CHECK_VERSION(1,0,0)
+    {"va_dri_get_drawable",
+     offsetof (struct dri_vtable, get_drawable)},
+    {"va_dri_get_rendering_buffer",
+     offsetof (struct dri_vtable, get_rendering_buffer)},
+    {"va_dri_swap_buffer",
+     offsetof (struct dri_vtable, swap_buffer)},
+    {NULL,}
+#else
     {"dri_get_drawable",
      offsetof (struct dri_vtable, get_drawable)},
     {"dri_get_rendering_buffer",
@@ -112,6 +121,7 @@ media_output_dri_init (VADriverContextP ctx)
     {"dri_swap_buffer",
      offsetof (struct dri_vtable, swap_buffer)},
     {NULL,}
+#endif
   };
 
   drv_ctx->dri_output =
diff --git a/src/media_drv_output_dri.h b/src/media_drv_output_dri.h
index 0d6ccf0..91adee8 100644
--- a/src/media_drv_output_dri.h
+++ b/src/media_drv_output_dri.h
@@ -30,7 +30,7 @@
 #define _MEDIA__DRIVER_OUT_DRI_H
 #include <stdbool.h>
 #include "media_drv_defines.h"
-#define LIBVA_X11_NAME "libva-x11.so.1"
+#define LIBVA_X11_NAME "libva-x11.so.2"
 VOID media_output_dri_terminate (VADriverContextP ctx);
 BOOL media_output_dri_init (VADriverContextP ctx);
 

From b0c7970d936b6cea4d7ff985699860545c260e19 Mon Sep 17 00:00:00 2001
From: "Kai-Chun Ning (Github Signing key)" <kaichun.ning@gmail.com>
Date: Wed, 19 Jun 2024 14:41:32 +0200
Subject: [PATCH 5/5] fix null ptrs

---
 src/vp9hdec/decode_hybrid_vp9.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/vp9hdec/decode_hybrid_vp9.cpp b/src/vp9hdec/decode_hybrid_vp9.cpp
index 1baf339..7a086e2 100644
--- a/src/vp9hdec/decode_hybrid_vp9.cpp
+++ b/src/vp9hdec/decode_hybrid_vp9.cpp
@@ -3289,9 +3289,16 @@ VAStatus Intel_HybridVp9Decode_HostVldRenderCb (
 
     // Reset padding flag of current frame and update surface dimension
     surface = SURFACE(pMdfDecodeFrame->ucCurrIndex);
+    if ((surface == NULL) || (surface->private_data == NULL))
+        return VA_STATUS_ERROR_INVALID_PARAMETER;
+
     pFrameSource = (INTEL_DECODE_HYBRID_VP9_MDF_FRAME_SOURCE *)(surface->private_data);
     pCurrFrame = &(pFrameSource->Frame);
     pFrameSource->bHasPadding = false;
+
+    if (pCurrFrame->pMdfSurface == NULL)
+        return VA_STATUS_ERROR_INVALID_PARAMETER;
+
     pCurrFrame->pMdfSurface->SetSurfaceStateDimensions(
         pMdfDecodeFrame->dwWidth,
         pMdfDecodeFrame->dwHeight);