Heap corruption: What could the cause be?

I am investigating a crash due to heap corruption. As this issue is non-trivial and involves analyzing the stack and dump results, I have decided to do a code review of files related to the crash.

To be frank, I don't have in-depth knowledge of when the heap could be corrupted.

I would appreciate if you could suggest scenarios which could lead to heap corruption.

Platform: Windows XP

Language: C++

Compiler: VC6

Solution

Common scenarios include:

Writing outside the allocated space of an array (char *stuff = new char[10]; stuff[10] = 3;)
Casting to the wrong type
Uninitialized pointers
Typo error for -> and .
Typo error when using * and & (or multiple of either)

[EDIT] From the comments, a few more:

Mixing new [] and new with delete [] and delete
Missing or incorrect copy-constructors
Pointer pointing to garbage
Calling delete multiple times on the same data
Polymorphic baseclasses without virtual destructors

C pointers understanding
Strict aliasing violation in C
Parser in C doesn't store values in a array
What is the order of evaluation of printf(..) parameters?
Compare floating point numbers as integers
Trap representation
Difference between sqrt(x) and pow(x,0.5)
Can you explain this 'Hello world' program?
how can i check file write permissions in C++ code?
Ninja Build System + gcc/clang doesn't output diagnostic colors
Why does my C program give an error when looping through an array?
Printing char array with null character in the middle in C
How do I read the source code for a C library in CLion
pthread nice value setting for default scheduler in C
Use a 3d array on a function (array that contains arrays that contain strings)
frida-server being targeted by port scan?
Are compound literals always lvalue?
Why is the beginning of a C file stream called `SEEK_SET`?
How to Take whitespace in Input in C
"undefined reference to" errors when linking static C library with C++ code
Audio timescale-pitch modification - Open source examples?
What is the easiest way to create a secured network client in Linux (C) without any external libraries?
Are there any non-twos-complement implementations of C?
Read variable value from PE file
C: Memory Allocation on Stack for Nested Structures
The max number of digits in an int based on number of bits
Aliasing struct and array the C++ way
AC_SEARCH_LIBS on a static library that itself has dependencies?
What is the relation between operator precedence and order of evaluation?
Why does my getop function in C return '+' correctly but not '=' when there are leading spaces?