In the buffer overflow example shown in the code below, the buffer overflow occurs inside the strcpy() function, so the jumping to the malicious code occurs when strcpy() returns, not when foo() returns. Is this true or false? Please explain.

/stack.c /+ This program has a buffer overflow vulnerability.+ #include #include #include int foo (char str) char buffer (100] / The following statement has a buffer overflow problem strcpy (buffer, str) return 1; int main (int argc, char argv) char str [400) FILE badfile; badfile = fopen("badfile", "r"); fread (str, sizeof (char),300, badfile) foo(str) printf ("Returned Properlyin") return 1