Try Sparse to analyze your C code. Unlike Splint, it works well with the GTK libraries and reports a wide range of issues. It also neatly fits in with the autotools build system, so you can basically run your autotools and prep for a make, and then call:
make CC=cgcc
cgcc is a wrapper which invokes sparse first, and then gcc. Then go through the warnings and fix them. 
sparse is non-free according to Debian:
http://packages.debian.org/changelogs/pool/non-free/s/sparse/current/copyright
OSL 1.1 licensed software is free software according to the Free Software Foundation.
It doesn’t matter to me what Debian thinks. Pretty much every project out there have their own ideals of what is entirely free and what is not. For the BSDs, even the GPL is not free enough. I trust FSF’s reviews about free software licenses. But this is not to tell you what you should use
Go with what works for you.
The post was about the program anyway.