Automated Generation of Bug Samples Based on Source Code Analysis
With the development of software vulnerability analysis technologies, evaluating different bug-detecting tools has become very important for selecting the better-performing ones and improving the approaches. To obtain a convincing evaluation result, a well-constructed vulnerability corpus is indispensable. However, the existing corpora are either constructed from real-world bugs or artificially designed, and suffer from various problems such as small volume, lack of ground truth, etc. Generating large-scale bug corpora in an automated way has attracted wide attention. In this paper, we propose an automated vulnerability injection system to generate code samples with triggerable vulnerabilities. Specifically, the system analyzes a host program with a symbolic execution tool to generate high-coverage test cases. Meanwhile, it identifies the potential bug injection points and performs static taint analysis to mark tainted variables and their relevance to the bug injection points. Based on these variables, the system modifies the host program into vulnerable code samples that can be verified by the test cases. In conclusion, the system realizes the injection of buffer overflow vulnerabilities in C/C++ programs. A case study is shown to demonstrate the injection process, and the evaluation presents our advantages in the realness and magnitude of generated bug samples as well as in solving high-coverage test cases.
Wed 7 Dec (displayed time zone: Osaka, Sapporo, Tokyo)
14:30 - 15:40
14:30 (20m) Paper: Toward a Better Alignment Between the Research and Practice of Code Search Engines (Technical Track)
14:50 (20m) Paper: Multi-Perspective Alignment Mechanism for Code Search (Technical Track)
15:10 (20m) Paper: Automated Generation of Bug Samples Based on Source Code Analysis (Technical Track). Tianming Zheng (Shanghai Jiao Tong University), Zhixin Tong (Shanghai Jiao Tong University), Yi-Ping You (National Chiao Tung University), Yue Wu (Shanghai Jiao Tong University)