radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset

Home Page: https://www.radare.org/


Null pointer dereference

TronciuVlad opened this issue

In the following file:

https://github.com/radareorg/radare2/blob/master/shlr/grub/fs/sfs.c

At line 161 inside function grub_sfs_read_extent there exists a security vulnerability due to the lack of a check for the state of tree_block. The subsequent code proceeds to use tree_block without verifying that it points to a valid memory allocation. This will lead to the dereference of a NULL pointer when the tree is assigned the value of tree_block cast to a struct grub_sfs_btree* and then used in the call to grub_disk_read. Dereferencing a NULL pointer is undefined behaviour in C and typically results in a segmentation fault or access violation, causing the program to crash.

We solved it by adding a check and here is the pull request for it:

#22585
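As an added example, not code from this issue, from radare2 or from GRUB, a constructed C model of the pattern the report describes: the allocation result is checked before the buffer is cast to the B-tree header type and handed to the disk reader, and a fault-injecting allocator exercises the failure path that the missing check left unhandled. The struct layout, error codes, allocator, disk image and function names (`read_extent_checked`, `model_disk_read`, `inject_alloc_failure`) are stand-ins, not the project's identifiers.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the B-tree block header. The real struct grub_sfs_btree
 * in sfs.c has more fields; this is a stand-in, not the project's type. */
struct sfs_btree {
    unsigned char magic[4];
    unsigned char nodes_be[2];      /* SFS is an Amiga filesystem: big-endian */
};

enum { SFS_OK = 0, SFS_ERR_OUT_OF_MEMORY = 1, SFS_ERR_READ = 2 };

/* Fault injection: when set, the model allocator returns NULL once, which is
 * exactly the condition the unchecked code in the issue would then dereference. */
static int fail_next_alloc = 0;
void inject_alloc_failure(void) { fail_next_alloc = 1; }

static void *model_malloc(size_t n) {
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* Constructed disk image: magic "SFSB" followed by a node count of 2. */
static const unsigned char disk_image[512] = { 'S', 'F', 'S', 'B', 0x00, 0x02 };

/* Model of grub_disk_read: copies one block into buf. Like the real call it
 * writes through buf, so a NULL buf would fault right here. */
static int model_disk_read(size_t blksz, void *buf) {
    if (blksz > sizeof disk_image) return SFS_ERR_READ;
    memcpy(buf, disk_image, blksz);
    return SFS_OK;
}

/* Hardened read_extent: the allocation is checked before tree_block is cast
 * to struct sfs_btree * and passed to the disk reader. Returns an error code
 * and writes the node count on success. */
int read_extent_checked(size_t blksz, unsigned *nodes_out) {
    if (blksz < sizeof(struct sfs_btree))   /* block must hold the header */
        return SFS_ERR_READ;
    char *tree_block = model_malloc(blksz);
    if (tree_block == NULL)                 /* the check the issue adds */
        return SFS_ERR_OUT_OF_MEMORY;
    struct sfs_btree *tree = (struct sfs_btree *)tree_block;
    int err = model_disk_read(blksz, tree);
    if (err == SFS_OK)
        *nodes_out = ((unsigned)tree->nodes_be[0] << 8) | tree->nodes_be[1];
    free(tree_block);
    return err;
}
```

Calling `inject_alloc_failure()` before `read_extent_checked()` returns `SFS_ERR_OUT_OF_MEMORY` instead of reaching the disk read with a NULL buffer.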

Fixed by merging your PR. thank you!