Null pointer dereference
TronciuVlad opened this issue · comments
In the following file:
https://github.com/radareorg/radare2/blob/master/shlr/grub/fs/sfs.c
At line 161 inside function grub_sfs_read_extent there exists a security vulnerability due to the lack of a check for the state of tree_block. The subsequent code proceeds to use tree_block without verifying that it points to a valid memory allocation. This will lead to the dereference of a NULL pointer when the tree is assigned the value of tree_block cast to a struct grub_sfs_btree* and then used in the call to grub_disk_read. Dereferencing a NULL pointer is undefined behaviour in C and typically results in a segmentation fault or access violation, causing the program to crash.
We solved it by adding a check and here is the pull request for it:
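The pattern described in the report, as an added illustration that is not the radare2 or grub code and not the submitted patch: an allocation result is cast and used as a buffer for a disk read without first checking whether the allocation succeeded. The `struct tree_block`, `block_alloc`, `disk_read`, the error codes and the `g_fail_alloc` switch are all constructed stand-ins so the NULL path can be exercised without real hardware; `read_extent_unchecked` shows the unsafe shape and `read_extent_checked` shows the fix of returning an error when the allocator hands back NULL.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Error codes for this example (constructed; not grub's error enum). */
enum { EXT_OK = 0, EXT_ERR_NOMEM = 1, EXT_ERR_READ = 2 };

/* Constructed stand-in for a filesystem tree block read from disk. */
struct tree_block {
    unsigned char data[32];
};

/* Global switch so a caller or test can force allocation failure (constructed). */
int g_fail_alloc = 0;

/* Hypothetical allocator standing in for the block allocation in the report.
   Returns NULL when g_fail_alloc is set, exactly like a real allocator under
   memory pressure. */
static void *block_alloc(size_t n) {
    return g_fail_alloc ? NULL : calloc(1, n);
}

/* Hypothetical disk read that fills the buffer with a fixed pattern.
   Returns 0 on success, non-zero on failure. */
static int disk_read(void *buf, size_t n) {
    if (buf == NULL)
        return -1;
    memset(buf, 0x5A, n);
    return 0;
}

/* Unsafe shape: the allocation result is cast and used with no NULL check.
   With g_fail_alloc set, tree is NULL and tree->data[0] below dereferences
   it (undefined behaviour, usually a crash). Kept only to show the pattern;
   only call it while allocation succeeds. */
int read_extent_unchecked(unsigned char *first_byte) {
    void *mem = block_alloc(sizeof(struct tree_block));
    struct tree_block *tree = (struct tree_block *)mem;   /* may be NULL */
    if (disk_read(tree->data, sizeof tree->data) != 0) {
        free(mem);
        return EXT_ERR_READ;
    }
    *first_byte = tree->data[0];                          /* NULL deref if mem == NULL */
    free(mem);
    return EXT_OK;
}

/* Hardened shape: check the allocation before the cast and the read, and
   report the failure to the caller instead of touching a NULL pointer. */
int read_extent_checked(unsigned char *first_byte) {
    void *mem = block_alloc(sizeof(struct tree_block));
    if (mem == NULL)                 /* the missing check from the report */
        return EXT_ERR_NOMEM;
    struct tree_block *tree = (struct tree_block *)mem;
    if (disk_read(tree->data, sizeof tree->data) != 0) {
        free(mem);
        return EXT_ERR_READ;
    }
    *first_byte = tree->data[0];
    free(mem);
    return EXT_OK;
}
```

The fix is the single early return: every allocation that can fail is checked at the point of allocation, and the error propagates through the function's existing return value so the caller (here a filesystem parser fed by untrusted disk images) fails closed rather than crashing.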
Fixed by merging your PR. thank you!