diff --git a/src/gallium/frontends/va/image.c b/src/gallium/frontends/va/image.c
index bd92415dac2..fe101bf4e91 100644
--- a/src/gallium/frontends/va/image.c
+++ b/src/gallium/frontends/va/image.c
@@ -575,7 +575,7 @@ vlVaGetImage(VADriverContextP ctx, VASurfaceID surface, int x, int y,
       return VA_STATUS_ERROR_OPERATION_FAILED;
    }
 
-   for (i = 0; i < vaimage->num_planes; i++) {
+   for (i = 0; i < MIN2(vaimage->num_planes, 3); i++) {
       data[i] = ((uint8_t*)img_buf->data) + vaimage->offsets[i];
       pitches[i] = vaimage->pitches[i];
    }
@@ -709,7 +709,7 @@ vlVaPutImage(VADriverContextP ctx, VASurfaceID surface, VAImageID image,
       return VA_STATUS_ERROR_OPERATION_FAILED;
    }
 
-   for (i = 0; i < vaimage->num_planes; i++) {
+   for (i = 0; i < MIN2(vaimage->num_planes, 3); i++) {
       data[i] = ((uint8_t*)img_buf->data) + vaimage->offsets[i];
       pitches[i] = vaimage->pitches[i];
    }
diff --git a/src/gallium/frontends/va/picture_h264_enc.c b/src/gallium/frontends/va/picture_h264_enc.c
index 2377b7df1d6..28084c82cbb 100644
--- a/src/gallium/frontends/va/picture_h264_enc.c
+++ b/src/gallium/frontends/va/picture_h264_enc.c
@@ -51,6 +51,9 @@ vlVaHandleVAEncPictureParameterBufferTypeH264(vlVaDriver *drv, vlVaContext *cont
    context->desc.h264enc.p_remain = context->desc.h264enc.gop_size - context->desc.h264enc.gop_cnt - context->desc.h264enc.i_remain;
 
    coded_buf = handle_table_get(drv->htab, h264->coded_buf);
+   if (!coded_buf)
+      return VA_STATUS_ERROR_INVALID_BUFFER;
+
    if (!coded_buf->derived_surface.resource)
       coded_buf->derived_surface.resource = pipe_buffer_create(drv->pipe->screen, PIPE_BIND_VERTEX_BUFFER,
                                             PIPE_USAGE_STAGING, coded_buf->size);
diff --git a/src/gallium/frontends/va/picture_hevc_enc.c b/src/gallium/frontends/va/picture_hevc_enc.c
index 1fa5eb7159a..f379007d1fc 100644
--- a/src/gallium/frontends/va/picture_hevc_enc.c
+++ b/src/gallium/frontends/va/picture_hevc_enc.c
@@ -53,6 +53,8 @@ vlVaHandleVAEncPictureParameterBufferTypeHEVC(vlVaDriver *drv, vlVaContext *cont
 
    context->desc.h265enc.pic_order_cnt = h265->decoded_curr_pic.pic_order_cnt;
    coded_buf = handle_table_get(drv->htab, h265->coded_buf);
+   if (!coded_buf)
+      return VA_STATUS_ERROR_INVALID_BUFFER;
 
    if (!coded_buf->derived_surface.resource)
       coded_buf->derived_surface.resource = pipe_buffer_create(drv->pipe->screen, PIPE_BIND_VERTEX_BUFFER,
diff --git a/src/gallium/frontends/va/picture_mjpeg.c b/src/gallium/frontends/va/picture_mjpeg.c
index 383e7b188cf..09c6fb9bb0e 100644
--- a/src/gallium/frontends/va/picture_mjpeg.c
+++ b/src/gallium/frontends/va/picture_mjpeg.c
@@ -38,7 +38,9 @@ void vlVaHandlePictureParameterBufferMJPEG(vlVaDriver *drv, vlVaContext *context
    context->desc.mjpeg.picture_parameter.picture_width = mjpeg->picture_width;
    context->desc.mjpeg.picture_parameter.picture_height = mjpeg->picture_height;
 
-   for (i = 0; i < mjpeg->num_components; ++i) {
+   STATIC_ASSERT(sizeof(mjpeg->components) ==
+                 sizeof(context->desc.mjpeg.picture_parameter.components));
+   for (i = 0; i < MIN2(mjpeg->num_components, ARRAY_SIZE(mjpeg->components)); ++i) {
       context->desc.mjpeg.picture_parameter.components[i].component_id =
          mjpeg->components[i].component_id;
       context->desc.mjpeg.picture_parameter.components[i].h_sampling_factor =
@@ -79,6 +81,8 @@ void vlVaHandleHuffmanTableBufferType(vlVaContext *context, vlVaBuffer *buf)
 
    assert(buf->size >= sizeof(VASliceParameterBufferJPEGBaseline) && buf->num_elements == 1);
 
+   STATIC_ASSERT(sizeof(mjpeg->load_huffman_table) ==
+                 sizeof(context->desc.mjpeg.huffman_table.load_huffman_table));
    for (i = 0; i < 2; ++i) {
       context->desc.mjpeg.huffman_table.load_huffman_table[i] = mjpeg->load_huffman_table[i];
 
@@ -107,7 +111,9 @@ void vlVaHandleSliceParameterBufferMJPEG(vlVaContext *context, vlVaBuffer *buf)
    context->desc.mjpeg.slice_parameter.slice_horizontal_position = mjpeg->slice_horizontal_position;
    context->desc.mjpeg.slice_parameter.slice_vertical_position = mjpeg->slice_vertical_position;
 
-   for (i = 0; i < mjpeg->num_components; ++i) {
+   STATIC_ASSERT(sizeof(mjpeg->components) ==
+                 sizeof(context->desc.mjpeg.slice_parameter.components));
+   for (i = 0; i < MIN2(mjpeg->num_components, ARRAY_SIZE(mjpeg->components)); ++i) {
       context->desc.mjpeg.slice_parameter.components[i].component_selector =
          mjpeg->components[i].component_selector;
       context->desc.mjpeg.slice_parameter.components[i].dc_table_selector =
diff --git a/src/gallium/frontends/va/postproc.c b/src/gallium/frontends/va/postproc.c
index 11285a6c108..347ec0c2026 100644
--- a/src/gallium/frontends/va/postproc.c
+++ b/src/gallium/frontends/va/postproc.c
@@ -220,6 +220,8 @@ static VAStatus vlVaPostProcBlit(vlVaDriver *drv, vlVaContext *context,
       vlVaSurface *surf;
 
       surf = handle_table_get(drv->htab, context->target_id);
+      if (!surf)
+         return VA_STATUS_ERROR_INVALID_SURFACE;
       surf->templat.interlaced = false;
       dst->destroy(dst);
 
@@ -391,6 +393,10 @@ vlVaHandleVAProcPipelineParameterBufferType(vlVaDriver *drv, vlVaContext *contex
 
    src_surface = handle_table_get(drv->htab, param->surface);
    dst_surface = handle_table_get(drv->htab, context->target_id);
+   if (!src_surface || !dst_surface)
+      return VA_STATUS_ERROR_INVALID_SURFACE;
+   if (!src_surface->buffer || !dst_surface->buffer)
+      return VA_STATUS_ERROR_INVALID_SURFACE;
 
    pscreen = drv->vscreen->pscreen;
 
@@ -423,9 +429,6 @@ vlVaHandleVAProcPipelineParameterBufferType(vlVaDriver *drv, vlVaContext *contex
       return VA_STATUS_SUCCESS;
    }
 
-   if (!src_surface || !src_surface->buffer)
-      return VA_STATUS_ERROR_INVALID_SURFACE;
-
    src = src_surface->buffer;
    dst = dst_surface->buffer;
 
diff --git a/src/gallium/frontends/va/subpicture.c b/src/gallium/frontends/va/subpicture.c
index b213e9abb7d..75e7a7a2283 100644
--- a/src/gallium/frontends/va/subpicture.c
+++ b/src/gallium/frontends/va/subpicture.c
@@ -236,6 +236,10 @@ vlVaAssociateSubpicture(VADriverContextP ctx, VASubpictureID subpicture,
 
    for (i = 0; i < num_surfaces; i++) {
       surf = handle_table_get(drv->htab, target_surfaces[i]);
+      if (!surf) {
+         mtx_unlock(&drv->mutex);
+         return VA_STATUS_ERROR_INVALID_SURFACE;
+      }
       util_dynarray_append(&surf->subpics, vlVaSubpicture *, sub);
    }
    mtx_unlock(&drv->mutex);
diff --git a/src/gallium/frontends/va/surface.c b/src/gallium/frontends/va/surface.c
index 413e786b326..48e93d31fbb 100644
--- a/src/gallium/frontends/va/surface.c
+++ b/src/gallium/frontends/va/surface.c
@@ -1586,7 +1586,7 @@ vlVaExportSurfaceHandle(VADriverContextP ctx,
    desc->width  = surf->templat.width;
    desc->height = surf->templat.height;
 
-   for (p = 0; p < VL_MAX_SURFACES; p++) {
+   for (p = 0; p < ARRAY_SIZE(desc->objects); p++) {
       struct winsys_handle whandle;
       struct pipe_resource *resource;
       uint32_t drm_format;