Thanks for report. I just applied an fix for both the latest stable version (1.1.0) and the development version (1.2.0).
Not sure if code injection is possible as the maximum overflow is of 5 bytes, guess not long enough to encode an instruction. Regards, Bogdan
