File gd-CVE-2019-11038.patch of Package gd.21221

diff --git a/src/gd_xbm.c b/src/gd_xbm.c
index 4ca41acf..cf0545ef 100644
--- a/src/gd_xbm.c
+++ b/src/gd_xbm.c
@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
 			}
 			h[3] = ch;
 		}
-		sscanf(h, "%x", &b);
+		if (sscanf(h, "%x", &b) != 1) {
+			gd_error("invalid XBM");
+			gdImageDestroy(im);
+			return 0;
+		}
 		for (bit = 1; bit <= max_bit; bit = bit << 1) {
 			gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
 			if (x == im->sx) {

openSUSE Build Service is sponsored by