Verify the injection error buffer is null-termined.
authorJay Freeman (saurik) <saurik@saurik.com>
Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
committerJay Freeman (saurik) <saurik@saurik.com>
Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
Mach/Inject.cpp

index 6ca0378b85075411ac5d2d4591173b6c57003679..7d805992c09c31a88515e0aa3b648b395f5cf0e6 100644 (file)
@@ -292,8 +292,11 @@ void InjectLibrary(pid_t pid) {
     mach_vm_size_t error(sizeof(baton->error));
     _krncall(mach_vm_read_overwrite(task, data + offsetof(Baton, error), sizeof(baton->error), reinterpret_cast<mach_vm_address_t>(&baton->error), &error));
     _assert(error == sizeof(baton->error));
-    if (baton->error[0] != '\0')
+
+    if (baton->error[0] != '\0') {
+        baton->error[sizeof(baton->error) - 1] = '\0';
         CYThrow("%s", baton->error);
+    }
 
     _krncall(mach_vm_deallocate(task, code, trampoline->size_));
     _krncall(mach_vm_deallocate(task, stack, size));
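Review bot: When the error branch is taken, `CYThrow` presumably throws, so the two `mach_vm_deallocate` calls directly after the block never run and the trampoline code and stack stay mapped in the target task. `baton->error` has already been copied into local memory by `mach_vm_read_overwrite` at that point, so moving `_krncall(mach_vm_deallocate(task, code, trampoline->size_));` and `_krncall(mach_vm_deallocate(task, stack, size));` above `if (baton->error[0] != '\0') {` looks safe, provided nothing outside the hunk still needs those regions. The new terminator line would also benefit from a comment giving the reason, for example `// error bytes are read back from the target task; do not trust them to be NUL-terminated`. Passing the buffer as a `"%s"` argument rather than as the format string is correct and should stay that way. InjectLibrary's body starts and continues outside the hunk.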