Test case 2

Write or buffer overflow on compile-time allocated memory. See the code snippet as follows:

/* test case 2 : out-of-bounds : write overflow [on compile-time memory] */
static void write_overflow_compilemem(void)
{
    int i, arr[5], tmp[8];

    for (i = 0; i <= 5; i++) {
        arr[i] = 100; /* Bug: 'arr' overflows on i==5,
                         overwriting part of the 'tmp' variable
                         - a stack overflow! */
    }
}

This is a stack overflow (also referred to as stack smashing or a buffer overflow (BOF)) bug; it's a serious class of vulnerability that attackers have successfully exploited many a time, starting with the Morris Worm back in 1988! Check out the resources in the Further reading section on the GitHub repository for more on this vulnerability.

Very interestingly, compiling and running this portion of the code on our Fedora 28 workstation Linux box (by passing the appropriate test case number as the parameter) shows that there is neither compile-time nor runtime detection of this (and other similar) dangerous bugs by default (more on this later!):

$ ./membugs 2
$ ./membugs_dbg 2
$

These bugs are also sometimes called off-by-one errors.

There's more, though (as usual); let's do a quick experiment. In the membugs.c:write_overflow_compilemem() function, change the number of times we loop from 5 to 50:

    for (i = 0; i <= 50; i++) {
        arr[i] = 100;
    }

Rebuild and retry; look at the output now on an Ubuntu 18.04 LTS Desktop Linux system (on Fedora too, but with a vanilla kernel):

$ ./membugs 2
*** stack smashing detected ***: <unknown> terminated
Aborted
$

The fact is, modern compilers use a stack-protector feature to detect stack-overflow bugs and, more importantly, attacks. With a large enough loop bound the overflow was detected, but with the original value of 5 the bug escaped undetected: the single out-of-bounds write landed in the adjacent 'tmp' variable without touching the protector's canary. We stress the importance of using tools (which includes compilers) to detect these hidden bugs in the next chapter.
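The example below is added here and is not part of the book's membugs.c: it reruns the same loop with the two bounds used above (5 and 50) through a bounds-checked store, so the off-by-one write at i == 5 is rejected rather than silently corrupting the stack, and shows the corrected loop next to it. The ARRAY_SIZE macro and store_checked() helper are this example's own, not the book's.

```c
#include <stddef.h>

/* Number of elements in a fixed-size array (helper added for this example). */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Bounds-checked store: refuses any index outside [0, n).
 * Returns 0 on success, -1 if the write would land past the array. */
static int store_checked(int *arr, size_t n, size_t idx, int val)
{
    if (idx >= n)
        return -1;  /* would have clobbered the neighbour ('tmp' in the original) */
    arr[idx] = val;
    return 0;
}

/* Runs the loop from write_overflow_compilemem() with an inclusive upper
 * bound 'last' (the book uses 5, then 50), but routes every store through
 * store_checked(). Returns how many stores were rejected as out of bounds. */
int fill_checked(size_t last)
{
    int arr[5];
    int rejected = 0;
    size_t i;

    for (i = 0; i <= last; i++)
        if (store_checked(arr, ARRAY_SIZE(arr), i, 100) != 0)
            rejected++;
    return rejected;
}

/* The corrected loop: derive the bound from the array itself and use '<',
 * not '<='. Returns the number of rejected stores, which is always 0. */
int write_fixed_compilemem(void)
{
    int arr[5];
    int rejected = 0;
    size_t i;

    for (i = 0; i < ARRAY_SIZE(arr); i++)
        if (store_checked(arr, ARRAY_SIZE(arr), i, 100) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* bound 5 -> 1 rejected (the i == 5 write); bound 50 -> 46 rejected */
    return (fill_checked(5) == 1 && fill_checked(50) == 46
            && write_fixed_compilemem() == 0) ? 0 : 1;
}
```

Compiling the original snippet with -fsanitize=address (GCC or Clang) also reports the i == 5 write at runtime as a stack-buffer-overflow, even though the default stack protector does not see it.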
