From cc8f93a3ff5becb003933325e43bce682892c0a4 Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen
Date: Tue, 22 Dec 2020 10:32:43 +0100
Subject: [PATCH 1/4] Ensure memory source is non-null
---
 libvips/iofuncs/source.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libvips/iofuncs/source.c b/libvips/iofuncs/source.c
index 224baeb8..b3c5e7bf 100644
--- a/libvips/iofuncs/source.c
+++ b/libvips/iofuncs/source.c
@@ -318,7 +318,9 @@ vips_source_build( VipsObject *object ) if( vips_object_argument_isset( object, "blob" ) ) { size_t length; - source->data = vips_blob_get( source->blob, &length ); + if( !(source->data = vips_blob_get( source->blob, &length )) ) + return( -1 ); + source->length = VIPS_MIN( length, G_MAXSSIZE ); }
From 2eeeedc957039e20e2ba1ab3640c672d695b5bd5 Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen
Date: Tue, 22 Dec 2020 11:19:09 +0100
Subject: [PATCH 2/4] Avoid seeking on bad file descriptors
---
 libvips/iofuncs/source.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libvips/iofuncs/source.c b/libvips/iofuncs/source.c
index b3c5e7bf..880c8bad 100644
--- a/libvips/iofuncs/source.c
+++ b/libvips/iofuncs/source.c
@@ -153,7 +153,8 @@ vips_source_test_features( VipsSource *source ) * vips_source_seek() etc. or we might trigger seek emulation. */ if( source->data || - class->seek( source, 0, SEEK_CUR ) != -1 ) { + (VIPS_CONNECTION( source )->descriptor != -1 && + class->seek( source, 0, SEEK_CUR ) != -1) ) { gint64 length; VIPS_DEBUG_MSG( " seekable source\n" );
From e437805fc19cdf9af89685576a08b3a502a2954d Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen
Date: Tue, 22 Dec 2020 13:34:14 +0100
Subject: [PATCH 3/4] Move descriptor test to vips_source_seek_real

Since subclasses could override the seek method without setting the file descriptor.
---
 libvips/iofuncs/source.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
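Review bot: The early return added to vips_source_build in [PATCH 1/4] fails with `return( -1 )` but, as far as the hunk shows, records no error message, so a caller that supplied a blob with no data gets a failed build with nothing to explain it. If the rest of the function reports failures through vips_error(), this path should as well, for example `vips_error( "VipsSource", "%s", _( "blob has no data" ) );` before the return. A one-line comment stating why NULL is rejected would also help, since a NULL `source->data` makes the `source->data ||` test in vips_source_test_features fall through to the descriptor seek path. The body of vips_source_build starts and ends outside the hunk.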
diff --git a/libvips/iofuncs/source.c b/libvips/iofuncs/source.c
index 880c8bad..cc3764de 100644
--- a/libvips/iofuncs/source.c
+++ b/libvips/iofuncs/source.c
@@ -153,8 +153,7 @@ vips_source_test_features( VipsSource *source ) * vips_source_seek() etc. or we might trigger seek emulation. */ if( source->data || - (VIPS_CONNECTION( source )->descriptor != -1 && - class->seek( source, 0, SEEK_CUR ) != -1) ) { + class->seek( source, 0, SEEK_CUR ) != -1 ) { gint64 length; VIPS_DEBUG_MSG( " seekable source\n" );
@@ -349,16 +348,15 @@ vips_source_seek_real( VipsSource *source, gint64 offset, int whence ) { VipsConnection *connection = VIPS_CONNECTION( source ); - gint64 new_pos; - VIPS_DEBUG_MSG( "vips_source_seek_real:\n" ); /* Like _read_real(), we must not set a vips_error. We need to use the * vips__seek() wrapper so we can seek long files on Windows. */ - new_pos = vips__seek_no_error( connection->descriptor, offset, whence ); + if( connection->descriptor != -1 ) + return( vips__seek_no_error( connection->descriptor, offset, whence ) ); - return( new_pos ); + return( -1 ); } static void
From c3159e209de5900f4bcb0540e66645febd203df0 Mon Sep 17 00:00:00 2001
From: John Cupitt
Date: Tue, 22 Dec 2020 12:55:44 +0000
Subject: [PATCH 4/4] note in changelog see https://github.com/libvips/libvips/pull/1938
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index eee28d62..16739985 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@ 18/12/20 started 8.10.5 - fix potential /0 in animated webp load [lovell] +- don't seek on bad file descriptors [kleisauke] +- check for null memory sources [kleisauke] 14/12/20 started 8.10.4 - fix spng detection
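Review bot: The descriptor guard added to vips_source_seek_real in the second hunk of [PATCH 3/4] is not explained in the code; the comment left above it covers only vips_error and the Windows seek wrapper. A short comment such as `/* No descriptor set: report "can't seek" rather than seeking on -1. */` would record why the function can now return -1 without touching the descriptor. The test is `connection->descriptor != -1`, so any other negative value would still reach vips__seek_no_error(). If -1 is not guaranteed to be the only "unset" value, `connection->descriptor >= 0` is the safer comparison.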