Battelle / afl-unicorn

afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine.

Home Page: https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf


Add use-after-free and double-free detection to UnicornSimpleHeap

njv299 opened this issue · comments

Detecting these two other bugs would be pretty simple:

  • Double free: Store all free'd addresses. If the same one occurs twice (without a call to malloc() allocating a buffer at that address first), report a double free
  • Use after free: Keep track of free'd heap buffer regions. If any memory access falls within one of those regions report a UAF
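The two checks proposed above, as an added example that is not part of the issue or of afl-unicorn's UnicornSimpleHeap. It assumes a hypothetical `TrackedHeap` class with the same malloc/free role as UnicornSimpleHeap: free() records the chunk in a freed-chunk list and reports a second free of the same address as a double free, and a memory-access hook in Unicorn's `UC_HOOK_MEM_READ`/`UC_HOOK_MEM_WRITE` callback shape reports any access overlapping a freed chunk as a use after free. Two details go beyond the issue text: freed chunks sit in a small quarantine before malloc() may hand them out again (immediate reuse would make a stale pointer look like a valid access to the new owner), and free() of a pointer malloc never returned is also rejected, since the same bookkeeping detects it. The hook is driven here with a constructed access trace, so it runs without Unicorn installed; the `UC_MEM_*` constants are copied from Unicorn's values.

```python
import collections

# Values match unicorn.UC_MEM_READ / UC_MEM_WRITE (Unicorn constants), so the
# hook below can be registered as-is with uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, ...).
UC_MEM_READ = 16
UC_MEM_WRITE = 17


class HeapBugDetected(Exception):
    """Raised when a double free, an invalid free or a use after free is seen."""


class TrackedHeap:
    """Hypothetical allocator bookkeeping (example code, not UnicornSimpleHeap's).

    malloc() hands out aligned chunks from a flat region; free() moves a chunk
    into a FIFO of freed chunks. A freed chunk is handed out again only after
    `quarantine` further frees, so a stale pointer keeps landing on a chunk that
    is still recorded as freed instead of on that chunk's new owner.
    """

    def __init__(self, base=0x10000000, size=0x100000, align=16, quarantine=4):
        self.base, self.size, self.align = base, size, align
        self.quarantine = quarantine
        self.brk = base                          # next never-used address
        self.live = {}                           # addr -> size, owned by the target
        self.freed = collections.OrderedDict()   # addr -> size, oldest free first

    def _round(self, n):
        return (max(n, 1) + self.align - 1) & ~(self.align - 1)

    def malloc(self, n):
        n = self._round(n)
        # First fit among freed chunks that have aged out of the quarantine.
        aged = list(self.freed.items())[:max(0, len(self.freed) - self.quarantine)]
        for addr, sz in aged:
            if sz >= n:
                del self.freed[addr]          # address is live again: a later free of it is legal
                self.live[addr] = sz
                return addr
        addr = self.brk
        if addr + n > self.base + self.size:
            raise MemoryError("tracked heap exhausted")
        self.brk += n
        self.live[addr] = n
        return addr

    def free(self, addr):
        if addr in self.freed:
            raise HeapBugDetected("double free of 0x%x" % addr)
        if addr not in self.live:
            # Not one of the issue's two bugs, but the same bookkeeping catches it.
            raise HeapBugDetected("free of pointer 0x%x that malloc never returned" % addr)
        self.freed[addr] = self.live.pop(addr)

    def _freed_chunk_hit(self, address, size):
        """Return (start, size) of a freed chunk overlapping [address, address + size)."""
        for start, sz in self.freed.items():
            if address < start + sz and address + size > start:
                return start, sz
        return None

    def hook_mem_access(self, uc, access, address, size, value, user_data):
        """Callback in Unicorn's UC_HOOK_MEM_READ/WRITE shape; `uc` is unused here."""
        hit = self._freed_chunk_hit(address, size)
        if hit is not None:
            kind = "write" if access == UC_MEM_WRITE else "read"
            raise HeapBugDetected("use after free: %s of %d bytes at 0x%x inside freed chunk 0x%x (size %d)"
                                  % (kind, size, address, hit[0], hit[1]))
        return True


def _expect_bug(action):
    """Run `action`; return the detector's message, or None if it reported nothing."""
    try:
        action()
    except HeapBugDetected as e:
        return str(e)
    return None


def run_scenarios():
    """Constructed access trace standing in for emulated target code."""
    out = {}

    h = TrackedHeap()
    a = h.malloc(32)
    h.free(a)
    out["double_free"] = _expect_bug(lambda: h.free(a))

    h = TrackedHeap()
    b = h.malloc(32)
    out["live_access_ok"] = h.hook_mem_access(None, UC_MEM_WRITE, b + 8, 4, 0x41414141, None)
    h.free(b)
    out["uaf_read"] = _expect_bug(lambda: h.hook_mem_access(None, UC_MEM_READ, b + 8, 4, 0, None))
    # An access that only straddles the chunk's last bytes is still a hit.
    out["uaf_straddle"] = _expect_bug(lambda: h.hook_mem_access(None, UC_MEM_WRITE, b + 30, 8, 0, None))

    # With no quarantine, free() then malloc() of the same size reuses the chunk:
    # the address is live again, and only the second free of it is a double free.
    h = TrackedHeap(quarantine=0)
    c = h.malloc(32)
    h.free(c)
    d = h.malloc(32)
    out["reused_same_addr"] = (d == c)
    out["reused_access_ok"] = h.hook_mem_access(None, UC_MEM_READ, d, 4, 0, None)
    h.free(d)
    out["double_free_after_reuse"] = _expect_bug(lambda: h.free(c))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print("%-24s %s" % (name, result))
```

In a harness the hook would be registered with `uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, heap.hook_mem_access)`, the target's intercepted malloc/free calls routed to this bookkeeping, and `HeapBugDetected` turned into a crash the fuzzer records (stopping emulation and aborting the harness process). The linear scan of the freed list on every memory access is fine for harnesses with a handful of chunks; a target that frees thousands of chunks wants a sorted interval structure instead.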