20.0.1: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 24:

=== IPC Interface Changes ===

No changes.

=== [[NS_services|ns]] ===

* The only changed function was L_dce70.

** This function iterates through "tmpCache" and attempts to shrink all JPEG images with [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] in a loop.

** However, the objects holding the JPEG file context were being freed unconditionally which resulted in passing invalid arguments (use-after-free) to [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] which, in turn, would return the error code 0x7EECE (2206-1015) which the function would then blindly return back.

** The issue was fixed by first no longer blindly return the error code returned by [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] and then properly implementing the conditions that lead to freeing the JPEG file objects.

==See Also==

@@ Line 24: / Line 24: @@
 === IPC Interface Changes ===
 No changes.
+=== [[NS_services|ns]] ===
+* The only changed function was L_dce70.
+** This function iterates through "tmpCache" and attempts to shrink all JPEG images with [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] in a loop.
+** However, the objects holding the JPEG file context were being freed unconditionally which resulted in passing invalid arguments (use-after-free) to [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] which, in turn, would return the error code 0x7EECE (2206-1015) which the function would then blindly return back.
+** The issue was fixed by first no longer blindly return the error code returned by [[Jpegdec_services#ShrinkJpegEx|ShrinkJpegEx]] and then properly implementing the conditions that lead to freeing the JPEG file objects.
 ==See Also==