It does not appear that assuming that the array buf (in getbuf) starts 12 bytes below the beginning of the stack frame. Why not, and how can I find out where it starts?

The compiler generates code that makes sure there is room (on the stack) for local variables. There is no restriction that says the compiler must squeeze all local variables into the minimum memory space possible.

To find the address of the buffer, note that in the function getbuf this happens: Gets(buf). This means that getbuf must push the address of buf on the stack before calling Gets. By examining the code you can determine what is pushed on the stack (to get the absolute address you need to use gdb for this), this is the address of the buffer.