From 87841348fb033023fd91a474bac30ed8c7d35336 Mon Sep 17 00:00:00 2001
From: Zoria <50277488+THZoria@users.noreply.github.com>
Date: Sat, 31 May 2025 22:07:33 +0200
Subject: [PATCH] Created Firmware 20.0.1 (markdown)

---
 Firmware-20.0.1.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 Firmware-20.0.1.md

diff --git a/Firmware-20.0.1.md b/Firmware-20.0.1.md
new file mode 100644
index 0000000..e133a03
--- /dev/null
+++ b/Firmware-20.0.1.md
@@ -0,0 +1,20 @@
+# System Titles
+
+The following titles were updated:
+Sysmodules: ns.
+[NPDM](https://switchbrew.org/wiki/NPDM) changes (besides usual version-bump): none.
+
+RomFs changes:
+
+[SystemVersion](https://switchbrew.org/wiki/System_Version_Title): All files updated.
+
+# IPC Interface Changes
+
+No changes.
+
+# [ns](https://switchbrew.org/wiki/NS_services)
+
+The only changed function was L_dce70.
+This function iterates through "tmpCache" and attempts to shrink all JPEG images with [ShrinkJpegEx](https://switchbrew.org/wiki/Jpegdec_services#ShrinkJpegEx) in a loop.
+However, the objects holding the JPEG file context were being freed unconditionally which resulted in passing invalid arguments (use-after-free) to [ShrinkJpegEx](https://switchbrew.org/wiki/Jpegdec_services#ShrinkJpegEx) which, in turn, would return the error code 0x7EECE (2206-1015) which the function would then blindly return back.
+The issue was fixed by first no longer blindly return the error code returned by [ShrinkJpegEx](https://switchbrew.org/wiki/Jpegdec_services#ShrinkJpegEx) and then properly implementing the conditions that lead to freeing the JPEG file objects.
\ No newline at end of file