In analyzing the open-source gnuchess program, one of the warnings CodeSonar® issued was the Buffer Overrun warning shown in the screenshot fragment below.

[Screenshot fragment: Buffer Overrun warning in gnuchess]

The buffer overrun occurs on line 1774. The statement on line 1773 is at fault: the amount of memory being allocated is computed incorrectly (despite the programmer's comments). A second flaw, reported separately, is that the value returned by malloc() is not checked.
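The gnuchess source lines are visible only in the screenshot, so the following is an added, constructed C illustration of the same two flaws beside a corrected form; it is not gnuchess code and not CodeSonar output. The function names `join_path_flawed` and `join_path` and the path-joining task are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (hypothetical names), not the gnuchess source. */

/* Flawed: the size leaves out the '/' separator and the terminating NUL,
 * so the writes below run 2 bytes past the block, and a NULL return from
 * malloc() would be dereferenced. Kept for comparison; never called. */
char *join_path_flawed(const char *dir, const char *file)
{
    char *p = malloc(strlen(dir) + strlen(file)); /* "room for both names" */
    strcpy(p, dir);
    strcat(p, "/");
    strcat(p, file); /* the overrun surfaces here, after the bad size */
    return p;
}

/* Corrected: the size counts every byte written, size_t wrap-around is
 * rejected, and the allocation is checked before it is used. */
char *join_path(const char *dir, const char *file)
{
    size_t dlen = strlen(dir), flen = strlen(file);
    if (flen > SIZE_MAX - 2 || dlen > SIZE_MAX - 2 - flen)
        return NULL;                      /* dlen + 1 + flen + 1 would wrap */
    size_t need = dlen + 1 + flen + 1;    /* dir, '/', file, NUL */
    char *p = malloc(need);
    if (p == NULL)
        return NULL;                      /* caller must handle failure */
    memcpy(p, dir, dlen);
    p[dlen] = '/';
    memcpy(p + dlen + 1, file, flen + 1); /* copies the NUL as well */
    return p;
}

int main(void)
{
    char *p = join_path("book", "opening.dat"); /* constructed sample input */
    if (p == NULL)
        return 1;
    puts(p);
    free(p);
    return 0;
}
```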