...
Compass/ROSE could detect possible violations by reporting any function that has malloc() or free() but not both. This would produce some false positives, as there would be no way to tell if malloc() and free() are 'at the same level of abstraction' if they are in different functions.
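The reporting heuristic described above, sketched as an added example (not Compass/ROSE code and not from the original page). It is a regex-based scan rather than a real AST walk, and the C input, including the names verify_size, process_list, buf_create and buf_destroy, is constructed for illustration. The matched create/destroy pair is reported too, which is the false-positive case the paragraph mentions.

```python
import re

# Constructed C input, not from the page. Assumes no braces inside string literals.
SAMPLE_C = r'''
int verify_size(char *list, size_t size) {
    if (size < MIN_SIZE) {
        free(list);   /* frees memory this function did not allocate */
        return -1;
    }
    return 0;
}
void process_list(size_t n) {
    char *list = malloc(n);
    if (list == NULL) { return; }
    if (verify_size(list, n) == 0) { use(list); }
    free(list);
}
struct buf *buf_create(size_t n) { return malloc(n); }
void buf_destroy(struct buf *b) { free(b); }
'''

FUNC_HEAD = re.compile(r'\b([A-Za-z_]\w*)\s*\([^;{}]*\)\s*\{')

def function_bodies(src):
    """Yield (name, body) for each top-level function definition."""
    src = re.sub(r'/\*.*?\*/|//[^\n]*', '', src, flags=re.S)  # drop comments
    pos = 0
    while (m := FUNC_HEAD.search(src, pos)):
        depth, i = 1, m.end()
        while i < len(src) and depth:      # walk to the matching '}'
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]
        pos = i                            # resume after this body

def unpaired_alloc(src):
    """Report functions that call malloc() or free() but not both."""
    report = {}
    for name, body in function_bodies(src):
        has_malloc = bool(re.search(r'\bmalloc\s*\(', body))
        has_free = bool(re.search(r'\bfree\s*\(', body))
        if has_malloc != has_free:
            report[name] = 'malloc only' if has_malloc else 'free only'
    return report

if __name__ == '__main__':
    for name, why in unpaired_alloc(SAMPLE_C).items():
        print(f'{name}: {why}')
```

process_list is not reported because it contains both calls, even though verify_size may already have freed the same pointer; the heuristic points at verify_size, and a reviewer still has to follow the call to see the interaction.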
The Coverity Prevent Version 5.0 USE_AFTER_FREE checker can detect the specific instances where memory is deallocated more than once or where the target of a freed pointer is read or written.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...