...
This noncompliant code example declares the msg identifier at the start of the compilation unit (with file scope) and reuses the same identifier to declare a character array local to the report_error() function. Consequently, the programmer unintentionally copies a string to the locally declared msg array within the report_error() function, failing to initialize the assign global msg variable and resulting in a potential buffer overflow.
...