Stack Layout During a Buffer Overflow

The stack grows down (high addresses on top). A write that runs off the end of buffer[16] climbs up toward the return address. Hover any cell for its role and the defense that stops it.

Normal stack contents
Attacker-controlled bytes
Annotation
Other frames (greyed)
Normal call high addresses ↑ Caller's stack frame Return address 0x4011d3 Saved frame pointer 0x7ffe...c0 char buffer[16] "Hello\0........." low addresses ↓ stack pointer Overflow high addresses ↑ Caller's stack frame Return address — OVERWRITTEN 0xdeadbeef Saved frame ptr — OVERWRITTEN AAAA char buffer[16] "AAAAAAAAAAAAAAAA"+more low addresses ↓ stack pointer → now jumps to attacker code (shellcode / ROP)
When the function returns, the CPU pops the corrupted return address and jumps to attacker-controlled memory.