
How Hackers Exploit Non-Null-Terminated Strings with strlen()
The author of the post discusses the CERT C coding standard and rule STR32-C, which says not to pass a non-null-terminated character sequence to a library function that expects a string. They mention that this can lead to a buffer overflow or remote code execution, using strlen() as an example of a library function that can be exploited. The author wonders how this would work, given that strlen() only reads memory until it finds the null terminator and returns the number of characters found.
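
The following is an added example, not code from the post: it shows where an unbounded strlen() would go wrong on a fixed-size field with no terminator, and a bounded check that rejects such a field before its length is used. The names FIELD_CAP, fill_field, field_length and copy_field are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 8   /* constructed fixed-size field, e.g. one record slot */

/* Fill the field as strncpy would: input of FIELD_CAP or more characters
 * uses every byte and leaves no room for the '\0'. */
void fill_field(char field[FIELD_CAP], const char *input)
{
    size_t n = strlen(input);
    if (n > FIELD_CAP)
        n = FIELD_CAP;
    memset(field, 0, FIELD_CAP);
    memcpy(field, input, n);
}

/* Return 0 and set *len if buf holds a terminator within cap bytes, else -1.
 * memchr never reads past cap; strlen has no such bound. */
int field_length(const char *buf, size_t cap, size_t *len)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)
        return -1;
    *len = (size_t)(nul - buf);
    return 0;
}

/* Copy the field into dst only if it is a real string and fits. */
int copy_field(char *dst, size_t dst_cap, const char *src, size_t src_cap)
{
    size_t len;
    if (field_length(src, src_cap, &len) != 0 || len >= dst_cap)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char field[FIELD_CAP], out[FIELD_CAP];
    const char *inputs[] = { "short", "12345678-overlong" };   /* constructed */
    for (int i = 0; i < 2; i++) {
        fill_field(field, inputs[i]);
        /* Unsafe pattern: strlen(field) on the second input keeps reading past
         * field[]; a copy or allocation sized by that result is the overflow. */
        int rc = copy_field(out, sizeof out, field, sizeof field);
        printf("%-18s -> %s\n", inputs[i], rc == 0 ? out : "rejected (no terminator)");
    }
    return 0;
}
```

strlen() itself only over-reads; the damage comes from the code that trusts the length it returns.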