diff --git a/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
index ddf37822c15..e354bb688ff 100644
--- a/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
+++ b/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
@@ -127,9 +127,11 @@ module AllocationSizeOverflow {
 }
 }
- /** The first (non-type) argument to a call to `make`, considered as an allocation size. */
+ /**
+ * The first or second (non-type) argument to a call to `make`, considered as an allocation size.
+ */
 private class DefaultAllocationSize extends AllocationSize {
- DefaultAllocationSize() { this = Builtin::make().getACall().getArgument(0) }
+ DefaultAllocationSize() { this = Builtin::make().getACall().getArgument([0 .. 1]) }
 }
 /** Holds if `t` is a type whose values are likely to marshal to relatively small blobs. */
diff --git a/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected b/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
index 27173f3ac4c..3439a2ad0b8 100644
--- a/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
+++ b/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
@@ -4,7 +4,7 @@ edges
 | tst2.go:14:2:14:29 | ... := ...[0] : slice type | tst2.go:15:22:15:30 | call to len |
 | tst.go:14:2:14:30 | ... = ...[0] : slice type | tst.go:15:22:15:34 | call to len |
 | tst.go:20:2:20:31 | ... = ...[0] : slice type | tst.go:21:22:21:34 | call to len |
-| tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:22:27:34 | call to len |
+| tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:26:27:38 | call to len |
 | tst.go:34:2:34:30 | ... = ...[0] : slice type | tst.go:35:22:35:34 | call to len |
 nodes
 | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
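Review bot: The rewritten doc comment on `DefaultAllocationSize` says which `make` arguments are now covered but not why the second one matters, which is the reason a reader would want when they see `getArgument([0 .. 1])`. In a three-argument slice `make([]T, len, cap)` the capacity decides the size of the backing array that is actually allocated, so an overflow there is exactly as exploitable as one in the length. I would write it as `/** The first or second (non-type) argument to a call to `make`, i.e. the length or capacity of a slice, considered as an allocation size. */`. It may also be worth a word that for map and channel `make` calls only one size argument exists, so the range is harmless there.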
@@ -18,7 +18,7 @@ nodes
 | tst.go:20:2:20:31 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
 | tst.go:21:22:21:34 | call to len | semmle.label | call to len |
 | tst.go:26:2:26:31 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
-| tst.go:27:22:27:34 | call to len | semmle.label | call to len |
+| tst.go:27:26:27:38 | call to len | semmle.label | call to len |
 | tst.go:34:2:34:30 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
 | tst.go:35:22:35:34 | call to len | semmle.label | call to len |
 #select
@@ -27,5 +27,5 @@ nodes
 | tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] : slice type | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] : slice type | value |
 | tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... = ...[0] : slice type | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] : slice type | value |
 | tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] : slice type | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] : slice type | value |
-| tst.go:27:22:27:34 | call to len | tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:22:27:34 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst.go:27:22:27:36 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] : slice type | value |
+| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] : slice type | value |
 | tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] : slice type | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] : slice type | value |
diff --git a/ql/test/query-tests/Security/CWE-190/tst.go b/ql/test/query-tests/Security/CWE-190/tst.go
index a8e9f508566..abe4452343e 100644
--- a/ql/test/query-tests/Security/CWE-190/tst.go
+++ b/ql/test/query-tests/Security/CWE-190/tst.go
@@ -24,7 +24,7 @@ func test(x int, s string, xs []int, ys [16]int, ss [16]string, h *header) {
 ignore(make([]byte, len(jsonData)+1)) // OK: data is small
 jsonData, _ = json.Marshal(ss)
- ignore(make([]byte, len(jsonData)+1)) // NOT OK: data might be big
+ ignore(make([]byte, 10, len(jsonData)+1)) // NOT OK: data might be big
 jsonData, _ = json.Marshal(h)
 ignore(make([]byte, len(jsonData)+1)) // OK: data is small
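Review bot: The new three-argument `make` at tst.go:27 replaces the existing two-argument case for the `json.Marshal(ss)` source instead of being added next to it, so the length-position flow from that particular source is no longer exercised; the unchanged .expected rows for tst.go:15, 21 and 35 show the length position is still covered for the other sources, but the `[16]string` array case now only tests capacity. Keeping the original line and adding the new one beneath it would cover both positions for the same source, and the comment could say which position is in play, `ignore(make([]byte, 10, len(jsonData)+1)) // NOT OK: capacity might be big`. The enclosing function `test` begins and ends outside the hunk.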