diff --git a/.DS_Store b/.DS_Store
index 4f5e10cf6297cdb2a05ce0ee27d4ea60be2b1b26..ca4db00a8e8de7c0efefadb74a9b1e1414d51cac 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/bin/.DS_Store b/bin/.DS_Store
index d88b4bd00ff8abd58b55a2d01b93251b8dd60bcd..79c8b8eccb15ad6d3e7138ee0873cbee6c381174 100644
Binary files a/bin/.DS_Store and b/bin/.DS_Store differ
diff --git a/bin/vuln-1/passbook b/bin/vuln-1/passbook
index 9283953645cfdf50aa918cd294e530a44b893d54..e06da594859f5f0b9d003cb73799e9f6b120e9aa 100755
Binary files a/bin/vuln-1/passbook and b/bin/vuln-1/passbook differ
diff --git a/bin/vuln-1/passbook-cov b/bin/vuln-1/passbook-cov
index b5e7a6f23524ad165c697e00ab996d650590f486..7a40ecdf5e5f3fa8f03834a8effd4c054091829e 100755
Binary files a/bin/vuln-1/passbook-cov and b/bin/vuln-1/passbook-cov differ
diff --git a/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov
index 1f26ce9142acc8f41d32421ec72287aa38cdf334..9c109168d360e1d7f1afd0f4317b692b64615915 100644
Binary files a/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov and b/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ
diff --git a/bin/vuln-1/passbook-fuzz b/bin/vuln-1/passbook-fuzz
index a0ae0846296882f6df01a927194efa521ff3a719..a61050b7ebc36178763c64e472976a2e5e87d6e0 100755
Binary files a/bin/vuln-1/passbook-fuzz and b/bin/vuln-1/passbook-fuzz differ
diff --git a/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz
index 912cd181acdf866a093a14ee60ae7da2a5e5292f..2d86343bad5262802e766f1b5ec9594ccb88fad0 100644
Binary files a/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz and b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ
diff --git a/bin/vuln-1/passbook-san b/bin/vuln-1/passbook-san
index 0206a3554d6a15a0c28bdd1c56002a2ecd2f3abf..d93c810579c44982224e6b48f483b11117a6000b 100755
Binary files a/bin/vuln-1/passbook-san and b/bin/vuln-1/passbook-san differ
diff --git a/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san
index 38a8ea4b6e9e8a116a610f775858a4a531982672..0eb0fa341ff609181155573c72500fec715c619b 100644
Binary files a/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san and b/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ
diff --git a/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook
index 005a3e51e8e9cbe9a4e05a86b3b15f69ddff6378..7d545e4deb8ee32e502c596ccc07d4f6b77cec56 100644
Binary files a/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook and b/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook differ
diff --git a/bin/vuln-1/passwords.txt b/bin/vuln-1/passwords.txt
index b7d6e8b254d0903193ebf244b9a8521ced8c4c2c..d0711896b8f1a1b39865f281be2a0c64fd4839a8 100644
--- a/bin/vuln-1/passwords.txt
+++ b/bin/vuln-1/passwords.txt
@@ -1,3 +1,2 @@
 masterpw master_pw
-put www.gogo.com gogo gogo1
-put www.gege.com gege gege1
+put www.abc.com abc abc1
diff --git a/poc/vuln-1.poc b/poc/vuln-1.poc
index 105d0c018ed609393fc7856d834a981f530e180a..686f074eb3503f2d2ec0724aad6932cf931c4cb0 100644
--- a/poc/vuln-1.poc
+++ b/poc/vuln-1.poc
@@ -1,5 +1,5 @@
 put www.gege.com gege gege1
 put www.gogo.com gogo gogo1
-put %s %s %s
+put %s%x%x%x%x %x%x%x %x
 list
 save master_pw passwords.txt
\ No newline at end of file
diff --git a/src/vuln-1/passbook.c b/src/vuln-1/passbook.c
index e2d1eaf9376e7e43b9bfe2244bc9093c4404fa62..107de20f24f3d0b60307d383cf059f152173756d 100644
--- a/src/vuln-1/passbook.c
+++ b/src/vuln-1/passbook.c
@@ -67,12 +67,29 @@ static const node_t *lookup(const node_t *p, const char *url) static void node_print(const node_t *p) { + + // Vuln-1 here! printf("Url: "); printf(p->url); + // printf("\n"); + // printf("size of url is %d\n", sizeof(p->url)); + // printf("Address of url in x is %x\n", &(p->url)); + // printf("Address of url in p is %p\n", &(p->url)); + printf(", Username: "); printf(p->cred.username); + // printf("\n"); + // printf("size of username is %d\n", sizeof(p->cred.username)); + // printf("Address of username in x is %x\n", &(p->cred.username)); + // printf("Address of username in p is %p\n", &(p->cred.username)); + printf(", Password: "); printf(p->cred.password); + // printf("\n"); + // printf("size of password is %d\n", sizeof(p->cred.password)); + // printf("Address of password in x is %x\n", &(p->cred.password)); + // printf("Address of password in p is %p\n", &(p->cred.password)); + printf("\n"); // printf("URL: %s, Username: %s, Password: %s\n", p->url, p->cred.username, p->cred.password); @@ -81,11 +98,11 @@ static void node_print(const node_t *p) /* construct a new node */ static node_t *node_new(const char *url, const cred_t cred) { - // Vuln-1.1 here! + // Vuln-extra1 here! // Change sizeof(node_t) to sizeof(node_t*) - node_t *new = malloc(50); - // node_t *new = malloc(sizeof(node_t)); - + // node_t *new = malloc(50); + node_t *new = malloc(sizeof(node_t)); + printf("size of new is %d\n", sizeof(*new)); // printf("the size of node_t is %lu\n the size of char * is %lu\n the size of cred_t is %lu\n the size of struct node * is %lu\n", sizeof(node_t), sizeof(char *), sizeof(cred_t), sizeof(struct node *)); // Vuln-1.3 here! 
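Review bot: The lines added to node_print are commented-out debug statements, and the same block is pasted again as comments after `node_print(q);` in the print_inorder hunk; dead code of this kind should be dropped before the commit lands rather than kept in two places. If it is ever re-enabled it is itself wrong: `%d` with a `sizeof` result and `%x` with an address are mismatched conversions (undefined behaviour), and `sizeof(p->url)` would report the size of the field rather than the length of the string if `url` is a pointer (its declaration is not visible here). The new `// Vuln-1 here!` marker would serve readers better if it named the defect it points at, for example `// Vuln-1 (intentional, CWE-134): field is passed to printf as the format string; safe form is printf("%s", p->url)`.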
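Review bot: `printf("size of new is %d\n", sizeof(*new));` in node_new is a debug print left active, so it writes to stdout on every node allocation, and `%d` does not match the `size_t` that `sizeof` yields (undefined behaviour on LP64). Either delete it or route it through the existing debug macro as `debug_printf("size of new is %zu\n", sizeof *new);`. The `// Vuln-extra1 here!` marker and `// Change sizeof(node_t) to sizeof(node_t*)` now sit directly above the correct `malloc(sizeof(node_t))`, so they describe a defect this commit removed and should be reworded or deleted. No NULL check on `new` is visible before the hunk ends; node_new continues outside the hunk, so confirm it there.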
@@ -111,7 +128,7 @@ static void node_edit_cred(node_t *p, node_t *q) { free(p->cred.username); free(p->cred.password); - // Vuln-1.2 here! + // Vuln-extra2 here! // used strcpy instead of assigning pointers // p->cred.username = strncpy(p->cred.username, q->cred.username, INT32_MAX); // p->cred.password = strncpy(p->cred.password, q->cred.password, INT32_MAX); @@ -220,6 +237,9 @@ static node_t *rem(node_t *p, const char *url) node_t *left = p->left; node_t *const right = p->right; left = node_insert(left, right); + + // Vuln-extra3 here! + // Don't think this counts since memory leaks are not valid vulnerabilities in this assignment? node_free(p); if (pptr != NULL) { @@ -410,6 +430,29 @@ void print_inorder(const node_t *p) // print the node following the return node_print(q); + // Vuln-1 here! + // printf("Url: "); + // printf(q->url); + // printf("\n"); + // printf("size of url is %d\n", sizeof(q->url)); + // printf("Address of url in x is %x\n", &(q->url)); + // printf("Address of url in p is %p\n", &(q->url)); + + // printf(", Username: "); + // printf(q->cred.username); + // printf("\n"); + // printf("size of username is %d\n", sizeof(q->cred.username)); + // printf("Address of username in x is %x\n", &(q->cred.username)); + // printf("Address of username in p is %p\n", &(q->cred.username)); + + // printf(", Password: "); + // printf(q->cred.password); + // printf("\n"); + // printf("size of password is %d\n", sizeof(q->cred.password)); + // printf("Address of password in x is %x\n", &(q->cred.password)); + // printf("Address of password in p is %p\n", &(q->cred.password)); + + printf("\n"); // simulate right recursive call if (q->right != NULL) @@ -529,6 +572,10 @@ static int execute(void) } debug_printf("Removing: %s\n", toks[1]); map = rem(map, toks[1]); + + // Another Vuln here! + printf("Removed: "); + printf(toks[1]); } else if (strcmp(toks[0], INSTRUCTION_PUT) == 0) {
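Review bot: `printf(toks[1]);` in the remove branch of execute (the `@@ -529,6 +572,10 @@` hunk) passes a token that appears to come straight from the command being executed to printf as the format string, so any conversion specifier in that token is interpreted instead of printed. The `debug_printf("Removing: %s\n", toks[1]);` two lines above already shows the safe shape; the two added calls collapse to `printf("Removed: %s", toks[1]);`. If the sink is deliberate for the exercise, `// Another Vuln here!` should say so and name the class (format string, CWE-134) so the pattern is not copied, and any non-exercise build should be compiled with `-Wformat -Wformat-security` to flag the same pattern elsewhere. execute's body starts and ends outside the hunk.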