Yes, a "canary field" would be a good debug-mode for reference-counting. That's a very good idea.
Buffer-overflow is hard to detect, but when you switch to malloc/free there is a very good chance that valgrind will notice something. Maybe that's wishful thinking on my part.
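
Added example (not part of the original post, and not the project's code): one way a canary field could serve as a debug-mode check in a reference-counted allocator built on malloc/free. The header layout, the `rc_*` names and the canary value are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed canary value (assumption); any unlikely bit pattern works. */
#define RC_LIVE 0xC0FFEE5AU
enum rc_status { RC_OK, RC_BAD_HEAD, RC_BAD_TAIL };
typedef struct { uint32_t canary; uint32_t refcount; size_t size; } rc_header;

/* Layout: [header | payload (size bytes) | tail canary]. */
void *rc_alloc(size_t size) {
    uint32_t tail = RC_LIVE;
    if (size > SIZE_MAX - sizeof(rc_header) - sizeof tail) return NULL;
    rc_header *h = malloc(sizeof *h + size + sizeof tail);
    if (!h) return NULL;
    h->canary = RC_LIVE; h->refcount = 1; h->size = size;
    memcpy((char *)(h + 1) + size, &tail, sizeof tail); /* may be unaligned */
    return h + 1;
}

/* Verify both canaries before the refcount is trusted. */
enum rc_status rc_check(const void *p) {
    const rc_header *h = (const rc_header *)p - 1;
    uint32_t tail;
    if (h->canary != RC_LIVE) return RC_BAD_HEAD;   /* underflow or stray write */
    memcpy(&tail, (const char *)p + h->size, sizeof tail);
    return tail == RC_LIVE ? RC_OK : RC_BAD_TAIL;   /* overflow past payload */
}
enum rc_status rc_retain(void *p) {
    enum rc_status s = rc_check(p);
    if (s == RC_OK) ((rc_header *)p - 1)->refcount++;
    return s;
}

/* On corruption, report it and leave the block alone instead of freeing it. */
enum rc_status rc_release(void *p) {
    rc_header *h = (rc_header *)p - 1;
    enum rc_status s = rc_check(p);
    if (s != RC_OK) return s;
    if (--h->refcount == 0) free(h);
    return s;
}

int main(void) {
    char *buf = rc_alloc(8);
    if (!buf) return 1;
    memset(buf, 'A', 9);               /* constructed off-by-one write */
    int caught = rc_release(buf) == RC_BAD_TAIL;
    free((rc_header *)(void *)buf - 1);
    return caught ? 0 : 1;
}
```

The canaries only catch writes that land on them, at the next retain or release; a tool such as valgrind still covers reads and writes that skip past them.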
