这段C++代码怎么会出现内存泄漏

我写了一些C++代码来实现我自己的堆栈。但当我使用valgrind检查它时，它说可能存在内存泄漏。我查了这么久，还是找不到。

这是代码：

#ifndef RE_STACK_H
#define RE_STACK_H
#include <cstdlib>
#include "general.h"
template <typename T>
class Stack {
private:
    T* bottom;
    T* top;
    T* sentinel;
    uint32 size;
public:
    Stack(uint32 size = 30);
    ~Stack();
    void push(const T&);
    T pop();
    void expand();
};
template <typename T>
Stack<T>::Stack(uint32 size) :size(size){
    bottom = top = static_cast<T*>(malloc(size * sizeof(T)));
    sentinel = bottom + size * sizeof(T);
}
template <typename T>
Stack<T>::~Stack() {
    while (top-- != bottom){
        top->~T();
    }
    free(bottom);
}
template <typename T>
void Stack<T>::push(const T& item){
    if(top == sentinel){
        expand();
    }
    new(top++)T(item);
}
template <typename T>
T Stack<T>::pop() {
    if(bottom == top){
        return 0;
    }
    T re = *--top;
    top->~T();
    return re;
}
template <typename T>
void Stack<T>::expand() {
    size *= 2;
    uint32 temp = top - bottom;
    bottom = static_cast<T*>(realloc(bottom, size * sizeof(T)));
    top = bottom + temp;
    sentinel = bottom + size * sizeof(T);
}
#endif //RE_STACK_H


#include <iostream>
#include "NTL/Stack.h"
int main() {
    return 0;
}

这是来自valgrind:的错误信息

==33519== HEAP SUMMARY:
==33519==     in use at exit: 22,216 bytes in 190 blocks
==33519==   total heap usage: 256 allocs, 66 frees, 27,992 bytes allocated
==33519== 
==33519== 2,064 bytes in 1 blocks are possibly lost in loss record 58 of 63
==33519==    at 0x10000817C: malloc_zone_malloc (in /usr/local/Cellar/valgrind/3.11.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==33519==    by 0x1005E1EFD: _objc_copyClassNamesForImage (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D5182: protocols() (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D5093: readClass(objc_class*, bool, bool) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D2C13: gc_init (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005DA24E: objc_initializeClassPair_internal(objc_class*, char const*, objc_class*, objc_class*) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005E7132: layout_string_create (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D583C: realizeClass(objc_class*) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D5300: copySwiftV1MangledName(char const*, bool) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D52E9: copySwiftV1MangledName(char const*, bool) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D52E9: copySwiftV1MangledName(char const*, bool) (in /usr/lib/libobjc.A.dylib)
==33519==    by 0x1005D52E9: copySwiftV1MangledName(char const*, bool) (in /usr/lib/libobjc.A.dylib)
==33519== 
==33519== LEAK SUMMARY:
==33519==    definitely lost: 0 bytes in 0 blocks
==33519==    indirectly lost: 0 bytes in 0 blocks
==33519==      possibly lost: 2,064 bytes in 1 blocks
==33519==    still reachable: 0 bytes in 0 blocks
==33519==         suppressed: 20,152 bytes in 189 blocks
==33519== 
==33519== For counts of detected and suppressed errors, rerun with: -v
==33519== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 18 from 18)

我已经查看了几条评论，我想解释一下：

1. 我使用malloc()和free()而不是new和delete，因为我想分离内存分配和类构造的过程，你可以在我的析构函数中看到，我在那里释放内存。每次pop()一个项时，我都会使用类的析构函数来确保它被正确地析构函数，但我没有释放内存，因为我以后可能会使用它。

2. 多亏了Joachim Pileborg，sentinel = bottom + size * sizeof(T);应该改为sentinel = bottom + size;，但这并不是valgrind说在63的的丢失记录58中，1个块中的2064字节可能丢失的原因

3. 我知道我没有遵循3/5规则，事实上我没有完成代码，我稍后将编写复制构造函数和赋值运算符，我只想在代码不大的时候测试它。

4. 当你只是瞥了一眼就注意到我使用了malloc()时，请不要说代码是垃圾；如果您看到STL的源代码，就会看到分配器的工作方式