Question on buffer overflows
I know how buffer overflows work in theory. Dynamic memory areas are given user access for input reasons and bounds checking is not used, so excess data goes to the stack, which is executed by the OS with system level access, and bad stuff happens. My question is: what kind of code actually leads to buffer overflows being possible? I will give two examples of code, one of which I believe could lead to a buffer overflow, and the other one I think will not. Am I right?
SHOULD lead to buffer overflow
Code:
char* pString = new char[10];
cin >> pString;
SHOULD NOT lead to buffer overflow
Code:
char* pString = new char[10];
cin.getline(pString, 10);
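Added example, not part of the original post: the two read patterns above in bounded form, run over constructed input that is longer than the 10-byte buffer. The helper names `read_line_bounded` and `read_word_bounded` are hypothetical, and a `std::istringstream` stands in for `cin`.

```cpp
#include <iomanip>
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

// Pattern of the second snippet: getline stores at most cap-1 chars plus '\0'.
// Returns true only if a whole line fit. On truncation it clears failbit and
// discards the rest of the line so the next read starts at a line boundary.
bool read_line_bounded(std::istream& in, char* buf, std::streamsize cap) {
    in.getline(buf, cap);
    if (in.bad() || in.gcount() == 0) return false;  // I/O error or no input
    if (in.fail()) {                                  // line longer than cap-1
        in.clear();
        in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        return false;
    }
    return true;
}

// Bounded form of the first snippet: std::setw limits operator>> to width-1
// chars plus '\0'. Without a width, extraction stops only at whitespace.
std::string read_word_bounded(std::istream& in) {
    char buf[10] = {};
    in >> std::setw(static_cast<int>(sizeof buf)) >> buf;
    return buf;
}

int main() {
    // Constructed input: a 24-character line, then a short one.
    std::istringstream lines("AAAAAAAAAAAAAAAAAAAAAAAA\nshort\n");
    char* pString = new char[10]();
    bool fit = read_line_bounded(lines, pString, 10);
    std::cout << fit << " [" << pString << "]\n";  // truncated to 9 chars
    fit = read_line_bounded(lines, pString, 10);
    std::cout << fit << " [" << pString << "]\n";  // whole line fits
    delete[] pString;

    std::istringstream words("AAAAAAAAAAAAAAAAAAAAAAAA tail");
    std::cout << read_word_bounded(words) << "\n"; // first 9 chars only
    return 0;
}
```

Reading into a `std::string` with `std::getline(in, s)` removes the fixed bound altogether, since the string grows to fit the input.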