A buffer is simply some fixed space in memory used to store data. In C, you create a buffer by declaring an array of some primitive type such as a ‘char array[SIZE]‘ or int ‘array[SIZE]‘. When these arrays are declared, the space for their data is allocated on the stack. The key point is that the space is fixed.

A stack based buffer overflow occurs when more data than what was allocated is put into the buffer and the excess data “overflows” into other stack memory space.

Stack-based buffer overflows are exploitable because of the way the stack allocates stack frames when functions are called. Every time a function is called the return address to jump back to the previously executing function is stored on the stack.

The data that overflows in the current stack frame can overwrite data in the previous stack frame, manipulating the return address. Here’s an example of an exploitable buffer overflow.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void function(char *in) {
	char buf[16];
	strcpy(buf, in);
}

int main(int argc, char **argv) {
	function(argv[0]);
	return 0;
}