From 216d117f05bff87b9dc4db55a1b1fadb38bcb786 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Tue, 24 Jul 2018 17:31:33 -0400
Subject: [PATCH] XBM coder leaves the hex image data uninitialized if hex value of the pixel is negative
---
 coders/xbm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/coders/xbm.c b/coders/xbm.c
index 34344b735..bae47c8e5 100644
--- a/coders/xbm.c
+++ b/coders/xbm.c
@@ -351,7 +351,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
 {
 c=XBMInteger(image,hex_digits);
 if (c < 0)
- break;
+ {
+ data=(unsigned char *) RelinquishMagickMemory(data);
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
 *p++=(unsigned char) c;
 if ((padding == 0) || (((i+2) % bytes_per_line) != 0))
 *p++=(unsigned char) (c >> 8);
@@ -361,7 +364,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
 {
 c=XBMInteger(image,hex_digits);
 if (c < 0)
- break;
+ {
+ data=(unsigned char *) RelinquishMagickMemory(data);
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
 *p++=(unsigned char) c;
 }
 if (EOFBlob(image) != MagickFalse)
--
2.40.0
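Review bot: Both new error branches report `ImproperImageHeader`, in the `if (c < 0)` block of the two-byte loop and in the identical block of the second hunk's one-byte loop, although the failure here is in the hex pixel data rather than the header. A tag that names the data, for example `ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");` or whichever existing tag the project uses for bad pixel data, would make reports on malformed files easier to triage. A short comment above each branch would also record why `break` was not enough: `/* fail hard: breaking out here leaves the tail of data uninitialized */`. The later use of `data` is outside both hunks, so that rationale is taken from the commit subject rather than from visible code. ReadXBMImage starts and ends outside the hunks.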