
rotate: rotateInitiate immanent problem


Test-tools
August 16th, 2007, 09:34 AM
Hello everyone,

the underlying problem seems to me to be an API misuse: calling rotateInitiate with the 2nd parameter action=NULL.

Now, in plugins/rotate.c at line 614f, cs->rotationState is set based on whether action is NULL or not.

Then, in the situation that rs->grabIndex is != NULL (can this happen at this
point?), it would probably dereference action at line 642 or 625 (depending on some bits in the variable state).

Having reviewed other *Initiate() functions with a similar API, I think the 2nd parameter should never be called with NULL.

Roland

maniac
August 16th, 2007, 11:03 AM
Hello everyone,

the underlying problem seems to me to be an API misuse: calling rotateInitiate with the 2nd parameter action=NULL.

Now, in plugins/rotate.c at line 614f, cs->rotationState is set based on whether action is NULL or not.

Then, in the situation that rs->grabIndex is != NULL (can this happen at this
point?), it would probably dereference action at line 642 or 625 (depending on some bits in the variable state).

Having reviewed other *Initiate() functions with a similar API, I think the 2nd parameter should never be called with NULL.

Roland
If action == NULL at that point, rs->grabIndex is always 0 ... the specific use case here is rotate.c, lines 737 and 824. There could be a possible dereference if action is NULL and rs->grabIndex is != 0, but the caller (which is always inside the file for the action == NULL case, as an action is always passed when initiated from a binding) has to make sure this is not the case.
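The two posts above describe an implicit contract: a NULL action is only legal when no grab is active, and the in-file callers are responsible for upholding it. The following is an added example written for this thread, not code from Compiz or from either poster; the struct fields, the state bits, the return codes and the function bodies are assumptions chosen to reproduce the shape of the hazard and then to make the contract explicit, so a violation fails closed instead of dereferencing NULL.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed model of the pattern discussed in the thread. This is NOT
 * plugins/rotate.c: every field, bit and body here is an assumption used to
 * show an optional `action` pointer that is read only while a grab is active.
 */

/* Assumed state bits, standing in for "some bits in variable state". */
enum {
    STATE_INIT_BUTTON = 1u << 0,
    STATE_INIT_KEY    = 1u << 1
};

typedef struct {
    int button;   /* hypothetical field read on the button path */
    int key;      /* hypothetical field read on the key path */
} CompAction;

typedef struct {
    int grabIndex;       /* non-zero while the screen is grabbed */
    int rotationState;   /* assumed: 1 = started from a binding, 2 = internal */
    int lastInput;       /* hypothetical: value read from the action */
} RotateScreen;

enum { ROTATE_OK = 0, ROTATE_BAD_CALL = -1 };

/* Shape of the hazard: `action` decides rotationState, then is dereferenced
 * whenever grabIndex is non-zero. action == NULL together with a live grab
 * reaches action->button or action->key through a NULL pointer. */
static int rotateInitiateUnchecked(RotateScreen *rs, const CompAction *action,
                                   unsigned state)
{
    rs->rotationState = action ? 1 : 2;

    if (rs->grabIndex) {
        if (state & STATE_INIT_BUTTON)
            rs->lastInput = action->button;   /* NULL deref if action == NULL */
        else if (state & STATE_INIT_KEY)
            rs->lastInput = action->key;      /* same here */
    }
    return ROTATE_OK;
}

/* Same logic with the caller contract from the thread made explicit:
 * a NULL action is only acceptable when no grab is active. */
static int rotateInitiateChecked(RotateScreen *rs, const CompAction *action,
                                 unsigned state)
{
    if (action == NULL && rs->grabIndex != 0)
        return ROTATE_BAD_CALL;   /* fail closed instead of crashing */

    return rotateInitiateUnchecked(rs, action, state);
}

/* Model of the in-file callers (the lines 737 / 824 case): they pass NULL and
 * must guarantee grabIndex == 0 first. */
static int rotateInternal(RotateScreen *rs)
{
    if (rs->grabIndex != 0)
        return ROTATE_BAD_CALL;   /* caller-side half of the contract */
    return rotateInitiateChecked(rs, NULL, 0);
}

/* Model of a binding-driven caller: an action is always supplied. */
static int rotateFromBinding(RotateScreen *rs, const CompAction *action,
                             unsigned state)
{
    return rotateInitiateChecked(rs, action, state);
}

int main(void)
{
    RotateScreen rs = { 1, 0, 0 };   /* grab active */
    CompAction act = { 3, 0 };

    printf("binding, grab active: %d (lastInput %d)\n",
           rotateFromBinding(&rs, &act, STATE_INIT_BUTTON), rs.lastInput);
    printf("internal, grab active: %d\n", rotateInternal(&rs));
    rs.grabIndex = 0;
    printf("internal, no grab: %d (rotationState %d)\n",
           rotateInternal(&rs), rs.rotationState);
    return 0;
}
```

The check in rotateInitiateChecked costs one comparison and turns the "can this happen at this point?" question into a return code that a caller or a test can observe, rather than relying on every in-file caller remembering the rule.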