Overflows can be very easy to spot, or very difficult. The easy ones to spot are usually where the coder simply forgets to do any bounds checking when handling input; the hard ones may only be found by charting the program flow and analyzing all code segments which process user input. Sometimes you have to follow the input through multiple chunks of code and different paths of execution to find what you are looking for and whether your crafted input can reach the vulnerable code. For starters I would recommend analyzing the code for any calls which are known to cause overflows, such as all the printf family as well as strcpy and its related functions. There are many tools which will automate this process for you, producing a log of calls to vulnerable or suspect functions, such as FlawFinder, Pscan, and TESOgcc (these are just a few Linux-based tools for starters, which I mention because they are free, but there are many more free and commercial tools available). These tools can greatly speed up identifying vulnerabilities in source, but remember these tools can only do so much, and can easily miss more complex vulnerabilities. Hope this helps out; if you would like more information just ask.
-Maestr0

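As an added illustration of the "log of calls to suspect functions" that scanners like FlawFinder produce (this is example code, not the poster's and not any of those tools' code), here is a minimal C scanner run over a constructed source fragment containing the classic unchecked strcpy; the SUSPECT list is a constructed subset, not a tool's real database.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Functions that copy or format into a caller-supplied buffer without taking
   a length: the first thing a manual or automated source audit looks for.
   (Constructed list for this example; real scanners know many more.) */
static const char *SUSPECT[] = { "gets", "strcpy", "strcat", "sprintf", "vsprintf", "scanf" };

/* Count call sites of SUSPECT functions in src.  A hit needs the name to be a
   whole identifier (so "strncpy", "fgets", "sscanf" are not flagged) followed
   by optional blanks and '('.  With report != 0 the line number is printed,
   the way a scanner's log would, so the auditor can go and check the buffer. */
int count_suspect_calls(const char *src, int report)
{
    int hits = 0;
    for (size_t i = 0; i < sizeof SUSPECT / sizeof *SUSPECT; i++) {
        const char *name = SUSPECT[i];
        size_t n = strlen(name);
        const char *p = src;
        while ((p = strstr(p, name)) != NULL) {
            const char *after = p + n;
            int ident_before = p > src && (isalnum((unsigned char)p[-1]) || p[-1] == '_');
            while (*after == ' ' || *after == '\t') after++;
            if (!ident_before && *after == '(') {
                hits++;
                if (report) {
                    int line = 1;
                    for (const char *q = src; q < p; q++) if (*q == '\n') line++;
                    printf("line %d: call to %s()\n", line, name);
                }
            }
            p += n;
        }
    }
    return hits;
}

/* Constructed sample source: the "easy to spot" case (input copied with no
   bounds check) next to a bounded copy that the scanner must not flag. */
static const char SAMPLE[] =
    "void greet(const char *user) {\n"
    "    char name[32];\n"
    "    strcpy(name, user);          /* no bounds check on user */\n"
    "    printf(\"hi %s\\n\", name);\n"
    "}\n"
    "void safer(const char *user) {\n"
    "    char name[32];\n"
    "    strncpy(name, user, sizeof name - 1);\n"
    "    name[sizeof name - 1] = '\\0';\n"
    "}\n";

int main(void) { return count_suspect_calls(SAMPLE, 1) != 1; }
```

A hit is only a lead: as the post says, the auditor still has to trace whether attacker-controlled input can reach that call with more bytes than the buffer holds.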