tox_new() should return null when savedata loading fails

Returning a valid tox instance when loading a corrupt
savefile is probably not desired behaviour

toxcore/tox.c

@@ -567,12 +567,23 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)
 
     if (load_savedata_tox
             && tox_load(tox, tox_options_get_savedata_data(opts), tox_options_get_savedata_length(opts)) == -1) {
+        mono_time_free(tox->mono_time);
+        tox_options_free(default_options);
+        unlock(tox);
+
+        if (tox->mutex != nullptr) {
+            pthread_mutex_destroy(tox->mutex);
+        }
+
+        free(tox->mutex);
+        free(tox);
+
         SET_ERROR_PARAMETER(error, TOX_ERR_NEW_LOAD_BAD_FORMAT);
-    } else if (load_savedata_sk) {
+        return nullptr;
+    }
+
+    if (load_savedata_sk) {
         load_secret_key(tox->m->net_crypto, tox_options_get_savedata_data(opts));
-        SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
-    } else {
-        SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
     }
 
     m_callback_namechange(tox->m, tox_friend_name_handler);
@@ -600,6 +611,9 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)
     tox_options_free(default_options);
 
     unlock(tox);
+
+    SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
+
     return tox;
 }
 

toxcore/tox.h

@@ -871,9 +871,6 @@ typedef enum Tox_Err_New {
  * This function will bring the instance into a valid state. Running the event
  * loop with a new instance will operate correctly.
  *
- * If loading failed or succeeded only partially, the new or partially loaded
- * instance is returned and an error code is set.
- *
  * @param options An options object as described above. If this parameter is
  *   NULL, the default options are used.
  *