diff --git a/src/libinput-util.h b/src/libinput-util.h
index 46421cbf..ff8d56fb 100644
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@@ -28,6 +28,7 @@
 #include "config.h"
 #include
+#include
 #include
 #include
 #include
@@ -556,6 +557,24 @@ safe_atod(const char *str, double *val)
 char *endptr;
 double v;
 locale_t c_locale;
+ size_t slen = strlen(str);
+
+ /* We don't have a use-case where we want to accept hex for a double
+ * or any of the other values strtod can parse */
+ for (size_t i = 0; i < slen; i++) {
+ char c = str[i];
+
+ if (isdigit(c))
+ continue;
+ switch(c) {
+ case '+':
+ case '-':
+ case '.':
+ break;
+ default:
+ return false;
+ }
+ }
 /* Create a "C" locale to force strtod to use '.' as separator */
 c_locale = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0);
diff --git a/test/test-misc.c b/test/test-misc.c
index 8176a3e9..a7f97acd 100644
--- a/test/test-misc.c
+++ b/test/test-misc.c
@@ -945,8 +945,7 @@ START_TEST(calibration_prop_parser)
 { "1 2 3 4 5 6", true, DEFAULT_VALUES },
 { "6.00012 3.244 4.238 5.2421 6.0134 8.860", true,
 { 6.00012, 3.244, 4.238, 5.2421, 6.0134, 8.860 }},
- { "0xff 2 3 4 5 6", true,
- { 255, 2, 3, 4, 5, 6 }},
+ { "0xff 2 3 4 5 6", false, DEFAULT_VALUES },
 { NULL, false, DEFAULT_VALUES }
 };
 bool success;
@@ -1271,9 +1270,9 @@ START_TEST(safe_atod_test)
 { "2147483647", true, 2147483647 },
 { "-2147483648", true, -2147483648 },
 { "4294967295", true, 4294967295 },
- { "0x0", true, 0 },
- { "0x10", true, 0x10 },
- { "0xaf", true, 0xaf },
+ { "0x0", false, 0 },
+ { "0x10", false, 0 },
+ { "0xaf", false, 0 },
 { "x80", false, 0 },
 { "0.0", true, 0.0 },
 { "0.1", true, 0.1 },
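Review bot: `isdigit(c)` in the added loop of safe_atod receives a plain `char`, which is negative for bytes above 0x7f where `char` is signed, and passing a negative value other than EOF to a `<ctype.h>` function is undefined behaviour. If `str` can carry externally supplied text (the calibration property test suggests it can), the call should read `if (isdigit((unsigned char)c))`. The filter is also a per-character allow-list and not a grammar, so inputs such as "1-2" or "+." pass it and are rejected only if the strtod end-pointer handling further down, outside this hunk, catches them; a sentence in the comment saying so would keep a later reader from treating the loop as full validation. `strlen(str)` assumes a non-NULL `str`, and since the function starts before the hunk it is worth confirming that callers guarantee this.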
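Review bot: The rows changed in safe_atod_test pin only the hex case, while the new comment in safe_atod says the filter is meant to reject "any of the other values strtod can parse". Rows such as `{ "1e5", false, 0 },`, `{ "inf", false, 0 },` and `{ "nan", false, 0 },` would pin that intent, so a later loosening of the allow-list fails a test instead of silently widening what property strings are accepted. The table continues outside the hunk on both sides, so some of these cases may already be present.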