Yes, turn it on. It's an essential check that should always be carried out.

In essence, this is dead simple. Every programmer (once upon a time, ie when I were a lad) used to check for this. Perhaps things are more complicated now, or maybe it got dropped from basic training, but ....

When a user enters something into an input field - name, address, whatever - the input is detected and assigned to an appropriate variable to hold it. Then the program uses the data in the variable to do whatever it's intended to be used for. Sometimes the data gets passed back and forth between programs. There is always the assumption that once the program has accepted the data it's valid, usable data. So checking for non-validity should be done at the pojnt of entry. Except .... all too often it's not.  By entering a stream of garbage followed by some malicious code you can fill all the space allocated for the input field, and the input then spills over into and overwrites an adjacent area of computer memory. Once you put executable code into memory, it will execute. In principle, easy to do if input checking is sloppy. And that's a buffer overflow.

All Software Contains Bugs : that's a fact of life. Microsoft code used to be riddled with sloppy input checking, but they've done a rigorous overhaul of old code and tightened up programming of new code. Lots of Microsoft updates are put out with fixes for this particular bug, because it's so easy to manipulate once found. Find an input field that's doesn't check for length of input, work out how much the field can hold internally, give the program (x) bytes of garbage followed by your own code, and you might be able to take over a user's machine.

That is the best explanation I can give. If it's not entirely right, at least it's not entirely wrong 🙂

Let Wikipedia have the final word.  It's all on https://en.wikipedia.org/wiki/Buffer_overflow