Tags: aslr vsyscall pie
An uninitialized value is used as the number of bytes read from the user in a `read()` call.
This results in a stack overflow with both PIE and ASLR enabled, and we have no leaks!
We deal with it using a `vsyscall` gadget, which lets us "slide" along the stack until we can partially overwrite a libc address.
From there, we partially overwrite it to make it jump to a **PATCHED-IN** gadget (the given libc had an additional gadget), and finally get a shell!
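
The `vsyscall` gadget works because the legacy vsyscall page sits at a fixed x86-64 address that neither PIE nor ASLR moves. As an added example (not part of the original writeup), the check below classifies that page from `/proc/<pid>/maps` so a host can be audited for it; the function names and the sample maps text are constructed for illustration.

```python
import re

# Fixed x86-64 address of the legacy vsyscall page; ASLR and PIE do not move it.
VSYSCALL_START = 0xFFFFFFFFFF600000
_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+\s+([rwxsp-]{4})\s.*\[vsyscall\]$")

# Constructed sample of /proc/<pid>/maps content (not taken from the challenge).
SAMPLE_MAPS = """\
7ffd1c3e2000-7ffd1c403000 rw-p 00000000 00:00 0                  [stack]
7ffd1c5f0000-7ffd1c5f2000 r-xp 00000000 00:00 0                  [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0          [vsyscall]
"""

def vsyscall_status(maps_text):
    """Return 'absent', 'execute-only' or 'readable' for the vsyscall page."""
    for line in maps_text.splitlines():
        m = _LINE.match(line.strip())
        if m and int(m.group(1), 16) == VSYSCALL_START:
            return "readable" if m.group(2)[0] == "r" else "execute-only"
    return "absent"

def fixed_target_present(status):
    """True when code at a known, unrandomized address is still callable.

    Both mapped states keep the entry points callable; only an absent page
    (kernel booted with vsyscall=none) removes the fixed-address target.
    """
    return status != "absent"

def audit(maps_text):
    status = vsyscall_status(maps_text)
    return {"vsyscall": status, "fixed_target": fixed_target_present(status)}

if __name__ == "__main__":
    try:
        with open("/proc/self/maps") as fh:   # live check on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE_MAPS                    # fall back to the constructed sample
    print(audit(text))
```

Booting with `vsyscall=none` removes the mapping entirely, at the cost of breaking very old binaries that still call into it.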