From e68410e359da932c7f30d8f0a41a5496268b339c Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Sat, 9 Jan 2021 17:34:55 +0100
Subject: Gfx::opSetFillGray: Make sure the colorspace is gray

Otherwise we will end up doing an uninitialized memory read down the
road

oss-fuzz/10040
---
 poppler/Gfx.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
index 20d450ed..694538cf 100644
--- a/poppler/Gfx.cc
+++ b/poppler/Gfx.cc
@@ -1310,7 +1310,8 @@ void Gfx::opSetFillGray(Object args[], int numArgs)
     if (!obj.isNull()) {
         colorSpace = GfxColorSpace::parse(res, &obj, out, state);
     }
-    if (colorSpace == nullptr) {
+    if (colorSpace == nullptr || colorSpace->getNComps() != 1) {
+        delete colorSpace;
         colorSpace = state->copyDefaultGrayColorSpace();
     }
     state->setFillColorSpace(colorSpace);
-- 
cgit v1.2.3