...
Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this recommendation.
The tool Compass / ROSE does not currently detect violations of this recommendation, but it easily could. One merely has to search a function's local block for a call to either malloc() or free(), but not both. A function could have multiple calls to free() for each malloc() call, as the compliant solution illustrates.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...