问有没有静态代码分析器可以捕捉到这个内存泄漏？

EN

e.g. 
#include<stdio.h> 
void foo(void) {
    int *ptr = (int *)malloc(512);
    ptr = (int *)0xffffffff;
    free(ptr);
 }
int main(){
        foo();
        return 1;
}

Valigrind Output:

[test@myhost /tmp]# valgrind --tool=memcheck --leak-check=full ./Ex1
==23780== Memcheck, a memory error detector
==23780== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23780== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==23780== Command: ./Ex1
==23780== 
==23780== Invalid free() / delete / delete[]
==23780==    at 0x4A05A31: free (vg_replace_malloc.c:325)
==23780==    by 0x400509: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780==  Address 0xffffffff is not stack'd, malloc'd or (recently) free'd
==23780== 
==23780== 
==23780== HEAP SUMMARY:
==23780==     in use at exit: 512 bytes in 1 blocks
==23780==   total heap usage: 1 allocs, 1 frees, 512 bytes allocated
==23780== 
==23780== 512 bytes in 1 blocks are definitely lost in loss record 1 of 1
==23780==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==23780==    by 0x4004E9: foo (in /tmp/Ex1)
==23780==    by 0x400514: main (in /tmp/Ex1)
==23780== 
==23780== LEAK SUMMARY:
==23780==    definitely lost: 512 bytes in 1 blocks
==23780==    indirectly lost: 0 bytes in 0 blocks
==23780==      possibly lost: 0 bytes in 0 blocks
==23780==    still reachable: 0 bytes in 0 blocks
==23780==         suppressed: 0 bytes in 0 blocks
==23780== 
==23780== For counts of detected and suppressed errors, rerun with: -v
==23780== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)