GoForSmoke:
But when I add up those pieces I see, even without deallocation there doesn't seem to be enough to fill 1k, probably not 256 bytes. If it's a memory crash I would expect more.
Do you know how many times the code fragment has to execute to provoke the problem?