Memory use after free related to custom allocator

This query identifies use-after-frees with custom allocators like BN_new.

The following code snippet would be identified as an issue by the query.

BIGNUM* compute(BIGNUM* a) {
  BIGNUM *b = BN_new();

  if (condition(a)) {
    // The BIGNUM `b` may be freed here.
    BN_free(b);
  }
  // Potential use-after-free of `b` here.
  if (condition(b)) {
    BN_free(a);
    a = BN_new();
  }

  return b;
}