diff --git a/tcache_dup.c b/tcache_dup.c
index 99687b2..bb5b16c 100644
--- a/tcache_dup.c
+++ b/tcache_dup.c
@@ -1,6 +1,9 @@
 #include
 #include
 #include
+
+char buf[0x20];
+
 int main(int argc,char **argv)
 {
 //this is tcache
@@ -18,15 +21,16 @@ int main(int argc,char **argv)
 void *p,*q,*r,*d;
 p = malloc(0x10);
 q = malloc(0x10);
+ free(q);
 free(p);
 printf("now , we have a tcache which is already free\n");
 printf("We can modify its next pointer!\n");
- *(uint64_t *)p = (uint64_t)q;
- printf("now p's next pointer = q\n");
- printf("p's next = %p ,q = %p\n",*(uint64_t *)p,q);
+ *(uint64_t *)p = (uint64_t)buf;
+ printf("now p's next pointer = buf\n");
+ printf("p's next = %p ,buf = %p\n",*(uint64_t *)p,buf);
 printf("so,We can malloc twice to get a pointer to q,sure you can change this to what you want!\n");
 r = malloc(0x10);
 d = malloc(0x10);
- printf("OK!, we get we want!\n");
+ printf("OK!, we get we want, d = %p\n",d);
 }
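Review bot: The new `printf("p's next = %p ,buf = %p\n",*(uint64_t *)p,buf);` line passes a `uint64_t` to `%p`, which is a format/argument type mismatch (undefined behaviour, and `-Wformat` warns); it should read `printf("p's next = %p ,buf = %p\n",(void *)*(uint64_t *)p,buf);`. The removed line had the same mismatch, so this commit is the natural place to fix it. Separately, the outcome of this demo now depends on the glibc version: as far as I recall, glibc 2.32 and later mangle the tcache next pointer and check its alignment on reuse, so the raw address written into `p` is rejected with an abort rather than handed back as `d`, and the "OK!, we get we want" message never prints. A comment above the write such as `// demo assumes an older glibc tcache (pre safe-linking/alignment checks); newer glibc aborts here` would tell readers which allocator the expected output was produced on. main begins in the first hunk, outside this one.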