
Fix #105, double free when parse_string fails

This fixes a double free that happens when calling cJSON_Delete on an
item that has been used by parse_string and it failed parsing the
string.

The double free happens because parse_string frees an alias of
item->valuestring, but doesn't set item->valuestring to NULL.
Max Bruckner 8 years ago
Parent
Current commit
94117a5d23
1 file changed, 2 insertions and 1 deletion

+ 2 - 1
cJSON.c

@@ -468,7 +468,6 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
     {
         goto fail;
     }
-    item->valuestring = (char*)out; /* assign here so out will be deleted during cJSON_Delete() later */
     item->type = cJSON_String;
 
     ptr = str + 1;
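Review bot: With the early assignment removed, `out` is owned solely by the local variable until the end of the function, so every `goto fail` between the allocation and the final assignment now relies on the `fail:` path freeing `out` itself; the commit message says that path already frees it (that alias free is what caused the double free), so please confirm that the `fail:` block frees `out` unconditionally rather than only when `item->valuestring` was set, otherwise the change trades the double free for a leak on every parse failure.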
@@ -608,6 +607,8 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
         ptr++;
     }
 
+    item->valuestring = (char*)out;
+
     return ptr;
 
 fail:
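Review bot: The new `item->valuestring = (char*)out;` drops the explanatory comment that the removed line carried; a short comment such as "ownership of out passes to item only on success, so fail: must free out" would stop a future edit from reintroducing the early assignment. As defense in depth, consider also setting `item->valuestring = NULL` in the `fail:` block, so an item that reaches cJSON_Delete after a failed parse can never hold a dangling pointer even if the assignment order changes again.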