@defcesco Argh, these are just blatant security holes. There's nothing subtle here.
Let's declare a fixed-size buffer and then write an unchecked/arbitrary amount of data to it! Like char buf[1024]; strcpy(buf, input); - what could possibly go wrong?! #KiTTY