OlivierLaflamme · May 13, 2024 17:59
diff --git a/POSSIBLE_UAF b/POSSIBLE_UAF
 Free rva: 0x00047d58 
 Freed buffer definition rva: 0x00047c6c 

 memalign : 0x00047d2c 
 0x00047d2c ori $v0, $v1, 1 
 0x00047d30 sw $v0, 4($s1) 
 0x00047d34 addu $v1, $s1, $v1 
 0x00047d38 lw $v0, 4($v1) 
 0x00047d3c lw $t9, -0x7f8c($gp) 
 0x00047d40 ori $v0, $v0, 1 
 0x00047d44 sw $v0, 4($v1) 
 0x00047d48 lw $v0, 4($s2) 
 0x00047d4c move $a0, $a1 
 0x00047d50 andi $v0, $v0, 1 
 0x00047d54 or $v0, $v0, $a2 
 0x00047d58 jalr $t9 
 0x00047d5c sw $v0, 4($s2) 

 memalign : 0x00047d94 
 0x00047d94 ori $v0, $v0, 1 
 0x00047d98 addu $a0, $s2, $s3 
 0x00047d9c sw $v0, 4($a0) 
 0x00047da0 lw $v0, 4($s2) 
 0x00047da4 lw $t9, -0x7f8c($gp) 
 0x00047da8 andi $v0, $v0, 1 
 0x00047dac or $v0, $v0, $s3 
 0x00047db0 sw $v0, 4($s2) 
 0x00047db4 jalr $t9 
 0x00047db8 addiu $a0, $a0, 8
	Free rva: 0x00047d58
	Freed buffer definition rva: 0x00047c6c

	memalign : 0x00047d2c
	0x00047d2c ori $v0, $v1, 1
	0x00047d30 sw $v0, 4($s1)
	0x00047d34 addu $v1, $s1, $v1
	0x00047d38 lw $v0, 4($v1)
	0x00047d3c lw $t9, -0x7f8c($gp)
	0x00047d40 ori $v0, $v0, 1
	0x00047d44 sw $v0, 4($v1)
	0x00047d48 lw $v0, 4($s2)
	0x00047d4c move $a0, $a1
	0x00047d50 andi $v0, $v0, 1
	0x00047d54 or $v0, $v0, $a2
	0x00047d58 jalr $t9
	0x00047d5c sw $v0, 4($s2)

	memalign : 0x00047d94
	0x00047d94 ori $v0, $v0, 1
	0x00047d98 addu $a0, $s2, $s3
	0x00047d9c sw $v0, 4($a0)
	0x00047da0 lw $v0, 4($s2)
	0x00047da4 lw $t9, -0x7f8c($gp)
	0x00047da8 andi $v0, $v0, 1
	0x00047dac or $v0, $v0, $s3
	0x00047db0 sw $v0, 4($s2)
	0x00047db4 jalr $t9
	0x00047db8 addiu $a0, $a0, 8