Muirey03

kern_return_t classForConnection(io_connect_t client, io_name_t cls)
{
	kern_return_t (*mach_port_kobject_description)(mach_port_t, mach_port_t, uint32_t*, mach_vm_address_t*, char*);
	void* handle = dlopen("/usr/lib/system/libsystem_kernel.dylib", RTLD_NOLOAD);
	mach_port_kobject_description = (__typeof mach_port_kobject_description)dlsym(handle, "mach_port_kobject_description");
	if (!mach_port_kobject_description)
		return KERN_NOT_SUPPORTED;

	char desc[512] = {0};
	uint32_t type = 0;

Muirey03

/*
IOAcceleratorFamily null-deref:

This bug was made aware to me by this panic log: 
https://www.reddit.com/r/jailbreakdevelopers/comments/dfs5cn/ios_system_panic_kernel_data_abort_very_strange/

IOAccelShared2::create_shmem() is an external method that a userspace client can call to request a shared memory mapping that 
will be used by other external methods. This method verifies that the size of the requested shared memory is no greater 
than 0x10000000 bytes, then registers this mapping with a unique "id" and returns the value of IOAccelDeviceShmem::getClientData() 
along with the associated id back to userspace. However, this check is not always small enough to ensure that the memory can be 

Muirey03

UIImage* UIKitImage(NSString* imgName)
{
    NSString* artworkPath = @"/System/Library/PrivateFrameworks/UIKitCore.framework/Artwork.bundle";
    NSBundle* artworkBundle = [NSBundle bundleWithPath:artworkPath];
    if (!artworkBundle)
    {
        artworkPath = @"/System/Library/Frameworks/UIKit.framework/Artwork.bundle";
        artworkBundle = [NSBundle bundleWithPath:artworkPath];
    }
    UIImage* img = [UIImage imageNamed:imgName inBundle:artworkBundle];