As per this article, when statically compiling a debug CRT it will allocate memory with specific values to assist in memory mapping: http://stackoverflow.com/questions/370195/when-and-why-will-an-os-initialise-memory-to-0xcd-0xdd-etc-on-malloc-free-new
The check for calling an RVExtension, which checks for a "buffer overrun", simply checks that output[outputSize-1] == 0x00. This is not the case in debug extensions, as they may be initialized as 0xFE or 0xCD