Tags: overflow uaf 

Abuse a UAF that is caused by overflowing the **1 BYTE in size** `refcount` of a book struct, get a user-controlled memory region to overlap with that struct, and abuse it in the classic UAF way.
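The root cause described above, reduced to a C sketch. This is an added example, not code from the challenge or the original writeup: the `struct book` layout and every function name are assumptions, since the page only states that `refcount` is one byte wide. It shows the unchecked increment wrapping to zero beside a saturating check that prevents the premature free.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: the page only says the book struct has a 1-byte refcount. */
struct book {
    uint8_t refcount;
    char title[31];
};

/* Vulnerable pattern: unchecked increment, 255 + 1 wraps to 0. */
static void book_get_unchecked(struct book *b) { b->refcount++; }

/* Hardened pattern: refuse a new reference once the counter is saturated. */
static bool book_get_checked(struct book *b) {
    if (b->refcount == UINT8_MAX) return false;
    b->refcount++;
    return true;
}

/* Drop one reference; true means the caller would free the object now. */
static bool book_put(struct book *b) { return --b->refcount == 0; }

/* Take extra_refs references, release one, and return how many holders would
   still point at the object if that release freed it (0 = no dangling use). */
static unsigned dangling_after(unsigned extra_refs, bool checked) {
    struct book b = { .refcount = 1 };  /* the owner's reference */
    unsigned holders = 1;
    for (unsigned i = 0; i < extra_refs; i++) {
        if (!checked) { book_get_unchecked(&b); holders++; }
        else if (book_get_checked(&b)) holders++;
    }
    holders--;                          /* one holder lets go */
    return book_put(&b) ? holders : 0;  /* freed while others still hold it? */
}

int main(void) {
    printf("unchecked, 256 extra refs: %u dangling\n", dangling_after(256, false));
    printf("checked,   256 extra refs: %u dangling\n", dangling_after(256, true));
    return 0;
}
```

Widening the counter to `size_t` removes the practical wrap as well; the saturating check is the fix when the field width cannot change.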

Original writeup (https://github.com/perfectblue/ctf-writeups/blob/master/whitehat-grandprix-2018/pwn02_bookstore.md).