diff --git a/overlay_buffer.c b/overlay_buffer.c index d9a51069..17bb8147 100644 --- a/overlay_buffer.c +++ b/overlay_buffer.c @@ -80,7 +80,7 @@ int ob_makespace(overlay_buffer *b,int bytes) } } - if (0) + if (1) printf("ob_makespace(%p,%d)\n b->bytes=%p,b->length=%d,b->allocSize=%d\n", b,bytes,b->bytes,b->length,b->allocSize); @@ -97,11 +97,33 @@ int ob_makespace(overlay_buffer *b,int bytes) } if (1) printf(" realloc(b->bytes=%p,newSize=%d)\n", b->bytes,newSize); -#warning useless malloc() call to make sure that heap corruption check runs before we do any real work - void *p=malloc(1); - unsigned char *r=realloc(b->bytes,newSize); - if (!r) return WHY("realloc() failed"); - b->bytes=r; + /* XXX OSX realloc() seems to be able to corrupt things if the heap is not happy when calling realloc(). + So will do a three-stage malloc,bcopy,free to see if we can tease the bug out that way. */ + /* + unsigned char *r=realloc(b->bytes,newSize); + if (!r) return WHY("realloc() failed"); + b->bytes=r; + */ +#warning adding lots of padding to try to catch overruns + if (b->bytes) { + int i; + int corrupt=0; + for(i=0;i<4096;i++) if (b->bytes[b->allocSize+i]!=0xbd) corrupt++; + if (corrupt) { + printf("!!!!!! %d corrupted bytes in overrun catch tray\n",corrupt); + dump("overrun catch tray",&b->bytes[b->allocSize],4096); + sleep(3600); + } + } + unsigned char *new=malloc(newSize+4096); + if (!new) return WHY("realloc() failed"); + { + int i; + for(i=0;i<4096;i++) new[newSize+i]=0xbd; + } + bcopy(b->bytes,new,b->length); + if (b->bytes) free(b->bytes); + b->bytes=new; b->allocSize=newSize; return 0; } 
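Review bot: With `if (1)` the ob_makespace trace now prints to stdout on every call and cannot be switched off without editing the source again. Elsewhere in this diff diagnostics are gated on the `debug` bitmask (`if (debug&DEBUG_RHIZOME)` in rhizome_packetformats.c), so this one should be gated the same way on whichever bit covers overlay buffers, or at the very least written with `fprintf(stderr, …)` so it does not interleave with normal output. The body of ob_makespace begins before this hunk.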
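Review bot: The catch-tray scan `b->bytes[b->allocSize+i]` reads 4096 bytes beyond `allocSize` and is only valid if the buffer was produced by this same path with its pad; a buffer allocated elsewhere (the initial allocation is not in this hunk) would be read out of bounds here, which is the very class of heap fault the change is trying to track down. Record whether the pad exists (a field on overlay_buffer set right after the `0xbd` fill) and skip the scan otherwise, or at least document that precondition above the loop. `bcopy(b->bytes,new,b->length)` runs even when `b->bytes` is NULL, so guard it the way the free is guarded: `if (b->bytes) bcopy(b->bytes,new,b->length);`. The commented-out realloc block should be deleted rather than kept, and `sleep(3600)` on detection would be better as `abort()` so the corrupted heap is captured in a core instead of the process hanging for an hour. ob_makespace starts before this hunk.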
@@ -111,10 +133,12 @@ int ob_makespace(overlay_buffer *b,int bytes) int ob_setbyte(overlay_buffer *b,int ofs,unsigned char value) { - if (ofs<0||ofs>b->allocSize) { + if (ofs<0||ofs>=b->allocSize) { fprintf(stderr,"ERROR: Asked to set byte %d in overlay buffer %p, which has only %d allocated bytes.\n", ofs,b,b->allocSize); - exit(-1); +#warning temporary debug + sleep(3600); + return -1; } b->bytes[ofs]=value; return 0; @@ -287,3 +311,27 @@ int ob_dump(overlay_buffer *b,char *desc) } return 0; } + +#undef malloc +#undef calloc +#undef free + +void *_serval_debug_malloc(unsigned int bytes,char *file,const char *func,int line) +{ + void *r=malloc(bytes); + fprintf(stderr,"%s:%d:%s(): malloc(%d) -> %p\n",file,line,func,bytes,r); + return r; +} + +void *_serval_debug_calloc(unsigned int bytes,unsigned int count,char *file,const char *func,int line) +{ + void *r=calloc(bytes,count); + fprintf(stderr,"%s:%d:%s(): calloc(%d,%d) -> %p\n",file,line,func,bytes,count,r); + return r; +} + +void _serval_debug_free(void *p,char *file,const char *func,int line) +{ + free(p); + fprintf(stderr,"%s:%d:%s(): free(%p)\n",file,line,func,p); +} diff --git a/rhizome_packetformats.c b/rhizome_packetformats.c index 92191539..a33f065a 100644 --- a/rhizome_packetformats.c +++ b/rhizome_packetformats.c @@ -73,9 +73,6 @@ int bundles_available=-1; int bundle_offset[2]={0,0}; int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e) { -#warning Mac-specific debug thing here - setenv("MallocScribble","1",1); - int pass; int bytes=e->sizeLimit-e->length; int overhead=1+8+1+3+1+1+1; /* maximum overhead */ 
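Review bot: Replacing `exit(-1)` with `sleep(3600); return -1;` turns an out-of-range ob_setbyte from fatal into a soft failure, and the callers visible in this diff (`ob_setbyte(e,e->length,…)` twice in the @@ -205 hunk of rhizome_packetformats.c) discard the return value, so once the temporary sleep goes the rejected write is presumably skipped without the caller noticing. Either keep the failure fatal, or make those callers check it: `if (ob_setbyte(e,e->length,(blob_bytes>>8)&0xff)) goto stopStuffing;` and the same for the second byte. The `#warning temporary debug` should carry the intended permanent behaviour so the sleep does not outlive the investigation.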
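Review bot: All three wrappers declare their sizes as `unsigned int` and print them with `%d`, which truncates `size_t` arguments on 64-bit builds and mismatches the format; use `size_t` with `%zu` here and in the matching prototypes in the serval.h hunk (@@ -1052). `file` receives `__FILE__`, a string literal, so it should be `const char *file` like `func`. In `_serval_debug_calloc` the parameters are named `bytes,count` although calloc's first argument is the element count; the call and the macro are consistent with each other, so only the names and the log text mislead, but they will mislead whoever reads the log next. File-scope identifiers beginning with an underscore are reserved by the C standard; `serval_debug_malloc` and friends would avoid that.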
@@ -195,9 +192,11 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e) int overhead=0; int frameFull=0; if (!pass) overhead=2; - printf("e=%p, e->bytes=%p,e->length=%d\n",e,e->bytes,e->length); + printf("e=%p, e->bytes=%p,e->length=%d, e->allocSize=%d\n", + e,e->bytes,e->length,e->allocSize); - if (ob_makespace(e,overhead+blob_bytes)) { + + if (ob_makespace(e,overhead+2+blob_bytes)) { if (debug&DEBUG_RHIZOME) fprintf(stderr,"Stopped cramming %s into Rhizome advertisement frame.\n", pass?"BARs":"manifests"); @@ -205,6 +204,8 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e) } if (!pass) { /* put manifest length field and manifest ID */ + /* XXX why on earth is this being done this way, instead of + with ob_append_byte() ??? */ ob_setbyte(e,e->length,(blob_bytes>>8)&0xff); ob_setbyte(e,e->length+1,(blob_bytes>>0)&0xff); if (debug&DEBUG_RHIZOME) @@ -213,6 +214,11 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e) if (frameFull) { goto stopStuffing; } + if (e->length+overhead+blob_bytes>=e->allocSize) { + WHY("Reading blob will overflow overlay_buffer"); +#warning temporary debug measure + sleep(3600); + } if (sqlite3_blob_read(blob,&e->bytes[e->length+overhead],blob_bytes,0) !=SQLITE_OK) { if (!pass) { diff --git a/serval.h b/serval.h index e921c54b..9893ca43 100644 --- a/serval.h +++ b/serval.h 
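Review bot: The extra `+2` in `ob_makespace(e,overhead+2+blob_bytes)` has no explanation: `overhead` is already set to 2 two lines above for the manifest pass, so there the two length bytes appear to be counted twice, and in the BAR pass the purpose of the extra two bytes is not visible. If it is deliberate slack for the `>=` overflow check added in the @@ -213 hunk, say so in place, e.g. `/* +2: slack so the blob read below stays clear of the last allocated byte */`; otherwise it should go. The `printf` on the new side also fires on every loop iteration to stdout regardless of the debug flags, while the fprintf directly beneath it is gated by `debug&DEBUG_RHIZOME`; gate it the same way. overlay_rhizome_add_advertisements begins before this hunk.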
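Review bot: The new bounds check reports the overflow and then falls through to `sqlite3_blob_read(blob,&e->bytes[e->length+overhead],blob_bytes,0)` regardless, so once the temporary sleep is removed the out-of-bounds write it just diagnosed still happens. It should leave the stuffing loop the way the frameFull case immediately above does: `WHY("Reading blob will overflow overlay_buffer"); goto stopStuffing;`. The loop body and the cleanup at stopStuffing are outside this hunk, so confirm that path releases the blob handle before the function returns.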
@@ -1052,3 +1052,13 @@ extern int mdp_client_socket; int ob_bcopy(overlay_buffer *b,int from, int to, int len); int ob_setbyte(overlay_buffer *b,int ofs,unsigned char value); + +#define malloc(X) _serval_debug_malloc(X,__FILE__,__FUNCTION__,__LINE__) +#define calloc(X,Y) _serval_debug_calloc(X,Y,__FILE__,__FUNCTION__,__LINE__) +#define free(X) _serval_debug_free(X,__FILE__,__FUNCTION__,__LINE__) + +void *_serval_debug_malloc(unsigned int bytes,char *file,const char *func,int line); +void *_serval_debug_calloc(unsigned int bytes,unsigned int count,char *file,const char *func,int line); +void _serval_debug_free(void *p,char *file,const char *func,int line); + +
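Review bot: Defining `malloc`, `calloc` and `free` as function-like macros in a shared header makes every translation unit that includes serval.h depend on include order: if `<stdlib.h>` (or any other header declaring these functions) is processed after serval.h, its prototype `void *malloc(size_t)` expands into a call to `_serval_debug_malloc` and fails to compile, and any third-party inline code using these names is rewritten as well. Wrap the three `#define`s and the prototypes in a build-time switch, e.g. `#ifdef SERVAL_DEBUG_MALLOC … #endif` (name chosen here as an example), so production builds keep the real allocator and the hook is opt-in. `realloc` is not wrapped, so memory obtained through it is reported only at free time, which will make the allocation log look unbalanced; either wrap it too or note the gap next to the macros.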