...
In this example, user input is copied to a buffer, buf. The first function, logit(), copies the user input to another buffer, buffer, and prints it to standard output. Next, the runit() routine is called. This routine declares an array of 50 characters, buf, and a character pointer, ptr. However, because ptr is never initialized, it holds whatever value was left on the stack by the last function called; in this case it points at the user-controlled data that logit() copied into its own stack frame. When the data referenced by ptr is copied to buf using an unbounded strcpy(), ptr is dereferenced and the bytes at that location are copied into buf until a null character is found. If the memory referenced by ptr holds 50 or more characters before the first null character, strcpy() writes past the end of the 50-byte buf and a buffer overflow occurs. Note that reading an uninitialized pointer is undefined behavior, so whether ptr actually lands on logit()'s copy of the input depends on the compiler's stack layout and optimization level; the code is exploitable precisely because the program gives the attacker, rather than the programmer, control over what ptr points at.
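The following C program is an added example, not the code from the original page: it reconstructs the logit()/runit() pair described above in hardened form, closing the two defects the text identifies (the uninitialized ptr and the unbounded strcpy()). The page's names logit(), runit(), buf, buffer and ptr are kept; the copy_bounded() helper and the sample inputs are assumptions added for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 50

/* Constructed sample inputs for the demonstration (not taken from the original page). */
static const char SAMPLE_OK[]   = "hello from a well-behaved client";            /* 32 chars */
static const char SAMPLE_MAX[]  = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                                  "AAAAAAAAAA" "AAAAAAAAA";                      /* 49 chars: exactly fits */
static const char SAMPLE_OVER[] = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                                  "AAAAAAAAAA" "AAAAAAAAAA";                     /* 50 chars: would overflow buf */

/*
 * Bounded replacement for the unbounded strcpy() in the text.  The copy is
 * performed only if a null terminator exists within the first dstsz bytes of
 * src; otherwise it is refused.  memchr() never reads beyond dstsz bytes of
 * src, which matters when src might not be terminated at all.
 * Returns the number of characters copied, or -1 on refusal.
 */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    const char *nul = memchr(src, '\0', dstsz);
    if (nul == NULL)
        return -1;                       /* no terminator within bounds: would overflow dst */
    size_t len = (size_t)(nul - src);    /* len <= dstsz - 1 */
    memcpy(dst, src, len + 1);           /* len + 1 <= dstsz, terminator included */
    return (int)len;
}

/* Hardened logit(): bounded copy into its own stack buffer, then print it. */
int logit(const char *input)
{
    char buffer[BUF_SIZE];
    int n = copy_bounded(buffer, sizeof buffer, input);
    if (n < 0) {
        fprintf(stderr, "logit: input rejected (longer than %d characters)\n", BUF_SIZE - 1);
        return -1;
    }
    printf("logit: %s\n", buffer);
    return n;
}

/*
 * Hardened runit().  The vulnerable shape described in the text was, in effect:
 *     char buf[50]; char *ptr;  strcpy(buf, ptr);
 * Two fixes are applied:
 *  1. ptr is initialized from an explicit parameter, so it never carries a
 *     stale value left on the stack by a previous call such as logit().
 *  2. the copy into the 50-byte buf is bounded, so an over-long or
 *     unterminated source cannot write past the end of buf.
 */
int runit(const char *input)
{
    char buf[BUF_SIZE];
    const char *ptr = input;             /* initialized: nothing stale is dereferenced */
    int n = copy_bounded(buf, sizeof buf, ptr);
    if (n < 0) {
        fprintf(stderr, "runit: input rejected (longer than %d characters)\n", BUF_SIZE - 1);
        return -1;
    }
    printf("runit: %s\n", buf);
    return n;
}

int main(void)
{
    logit(SAMPLE_OK);
    runit(SAMPLE_OK);     /* 32 characters: accepted */
    runit(SAMPLE_MAX);    /* 49 characters + terminator = 50 bytes: accepted */
    runit(SAMPLE_OVER);   /* 50 characters + terminator = 51 bytes: refused, no overflow */
    return 0;
}
```

Refusing over-long input, rather than silently truncating it, is a deliberate choice: truncation with strncpy() can leave buf unterminated, and a truncated log line or command is itself a frequent source of downstream bugs.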
...