analyzer: fix ICE on NULL change.m_expr [PR100244]

analyzer: fix ICE on NULL change.m_expr [PR100244]

PR analyzer/100244 reports an ICE on a -Wanalyzer-free-of-non-heap
due to a case where free_of_non_heap::describe_state_change can be
passed a NULL change.m_expr for a suitably complicated symbolic value.

Bulletproof it by checking for change.m_expr being NULL before
dereferencing it.

gcc/analyzer/ChangeLog:
	PR analyzer/100244
	* sm-malloc.cc (free_of_non_heap::describe_state_change):
	Bulletproof against change.m_expr being NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/100244
	* g++.dg/analyzer/pr100244.C: New test.