BUFFER[ ] <----- 90 bytes space allocated for BUFFER[ ]
RETURN ADDRESS <----- When the user inputs data the program control would come here and follow the 'address' stored here to go back.
But if the users inputs more than 90 bytes of data...for example XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [user input]
This is how it would look in the memory..
So you are returning to where you want.
Well you need to send enough data to rewrite the return address to that of your malicious code - the bypass / overwrite for the Sony JIG Answer Response Scheme.