After all these years, why are we still having buffer overruns?? Pretty interesting article, and one of the clearer explanations of the run-time stack I've seen.
Kuperman, B. A., Brodley, C. E., Ozdoganoglu, H., Vijaykumar, T. N., and Jalote, A. 2005. Detection and prevention of stack buffer overflow attacks. Commun. ACM 48, 11 (Nov. 2005), 50-56. DOI= http://doi.acm.org/10.1145/1096000.1096004