diff --git a/poc/vuln-3.poc b/poc/vuln-3.poc
index 9898eb7de370b2ac97e89c694ece7da2673b8e73..eba4958dc48bffaf58c6b5738680c0efebd5f4f8 100644
--- a/poc/vuln-3.poc
+++ b/poc/vuln-3.poc
@@ -1,4 +1,2 @@
push 5
-store a
-load a
-print
\ No newline at end of file
+store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
diff --git a/poc/vuln-5.poc b/poc/vuln-5.poc
index 5bd0e4a5890db12d49db6a3f531479729e2345fb..eba4958dc48bffaf58c6b5738680c0efebd5f4f8 100644
--- a/poc/vuln-5.poc
+++ b/poc/vuln-5.poc
@@ -1,4 +1,2 @@
push 5
-store a
-remove a
-list
\ No newline at end of file
+store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
diff --git a/src/vuln-3/dc.c b/src/vuln-3/dc.c
index 0d9795a06dfc5cb6cdd6056ba7d7bc0b563d2d95..2b3e9405385ae3665e594bb1068fc130afd8a570 100644
--- a/src/vuln-3/dc.c
+++ b/src/vuln-3/dc.c
@@ -72,7 +72,13 @@ static void node_print(const node_t *p){
static node_t *node_new(const char *varname, const value_t value){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
- new->varname = strdup(varname);
+
+ //new->varname = strdup(varname);
+
+ /*---- vuln-3 ----*/
+ new->varname = (char *)malloc(1014 * sizeof(char));
+ strcpy(new->varname, varname);
+
assert(new->varname != NULL && "new: strdup varname failed");
new->value = value;
new->left = NULL;
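Review bot: `strcpy(new->varname, varname)` copies a caller-supplied name of unchecked length into a fixed 1014-byte allocation, so a name of 1014 characters or more writes past the end of the heap buffer; the node_new hunk of src/vuln-5/dc.c has the same pattern with 1013 bytes. The `/*---- vuln-3 ----*/` marker suggests the overflow is seeded on purpose, but the NULL assert now runs only after `strcpy` has already written through the pointer, and its message still says `strdup`, which looks unintended. If the overflow is meant to be the only defect, put `assert(new->varname != NULL && "new: malloc varname failed");` directly after the `malloc`. The commented-out `strdup` line could also become an explanatory comment such as `/* seeded: fixed-size buffer, no length check on varname; strdup(varname) is the safe form */`. node_new's body continues past the end of the hunk.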
@@ -429,10 +435,8 @@ int save_levelorder(const node_t *p,
/* returns 0 on successful execution of the instruction in inst */
static int execute(void){
-
- /*---- vuln3 ----*/
- char * toks[2]; /* these are pointers to start of different tokens */
- const unsigned int numToks = tokenise(inst,toks,2);
+ char * toks[4]; /* these are pointers to start of different tokens */
+ const unsigned int numToks = tokenise(inst,toks,4);
if (numToks == 0){
/* blank line */
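Review bot: The array size in `char * toks[4]` and the limit in `tokenise(inst,toks,4)` are two independent literals, so a later edit to one can silently leave the other out of step. Presumably the third argument is the capacity of `toks`, though `tokenise` itself is not visible here. Deriving it from the array keeps the two tied: `const unsigned int numToks = tokenise(inst, toks, sizeof toks / sizeof toks[0]);`. The same two lines appear in the execute hunk of src/vuln-5/dc.c, and execute's body continues outside this hunk.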
@@ -445,9 +449,7 @@ static int execute(void){
return -1;
}
debug_printf("Looking up: %s\n",toks[1]);
-
- /*---- vuln3 ----*/
- const node_t *p = lookup(map,toks[2]);
+ const node_t *p = lookup(map,toks[1]);
if (p != NULL){
if (stack_full()){
debug_printf("Trying to load onto full stack\n");
diff --git a/src/vuln-5/dc.c b/src/vuln-5/dc.c
index de84ea6c472c352e21abfa4eea2dac1c4a9ca60b..129aadbefdea268cc3389f1f8ec07358736a297e 100644
--- a/src/vuln-5/dc.c
+++ b/src/vuln-5/dc.c
@@ -72,7 +72,12 @@ static void node_print(const node_t *p){
static node_t *node_new(const char *varname, const value_t value){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
- new->varname = strdup(varname);
+ //new->varname = strdup(varname);
+
+ /*---- vuln-5 ----*/
+ new->varname = (char *)malloc(1013 * sizeof(char));
+ strcpy(new->varname, varname);
+
assert(new->varname != NULL && "new: strdup varname failed");
new->value = value;
new->left = NULL;
@@ -429,10 +434,8 @@ int save_levelorder(const node_t *p,
/* returns 0 on successful execution of the instruction in inst */
static int execute(void){
-
- /*---- vuln5 ----*/
- char * toks[2]; /* these are pointers to start of different tokens */
- const unsigned int numToks = tokenise(inst,toks,2);
+ char * toks[4]; /* these are pointers to start of different tokens */
+ const unsigned int numToks = tokenise(inst,toks,4);
if (numToks == 0){
/* blank line */
@@ -568,9 +571,7 @@ static int execute(void){
return -1;
}
debug_printf("Removing: %s\n",toks[1]);
-
- /*---- vuln5 ----*/
- map = rem(map,toks[2]);
+ map = rem(map,toks[1]);
} else if (strcmp(toks[0],INSTRUCTION_SAVE) == 0){
if (numToks != 2){