The key will be the string typically are also known as null terminated string. Meaning if it has length of 16 that is exclusive of a NULL character. The parser typically need to find NULL char so that it know that it has come to the end of the string and can proceed to do other actions (like print to screen, etc). So allocation of memory (heap or stack), this should always be taken care of by programmer.
E.g. char string [LENGTH+1] or string_ptr = malloc (LENGTH+1)
So to overflow it is simply to say that if you have 16 byte buffer, it translates into char string[LENGTH] where LENGTH is 16. So the string expected to ensure no overflow should be one less (e.g. LENGTH-1). Of course, I am assuming that the byte array are indeed null terminated type array. Otherwise, it should be check by receiving functions etc (byte based length) in the codes.
There are more to the overflow such that it overrides return address and etc but suggest that you can check out this link for good read @
http://en.wikipedia.org/wiki/Buffer_overflow
