Thanks for the hint about cppcheck, I didn't know this utility.mar wrote: This is where static analyzers come in handy, cppcheck finds this easily (cplus.c, lines 261 and 302).
It also claims out of bounds access (idx 64) in moves.c, line 325, but this may be a false positive.
It integrates nicely as a plugin into Visual Studio.
The Visual Studio code analyzer does not find this, it is basically looking for Windows incompatibilities and wrong system call parameters.