Make the reference counting match the live range of cl. Previously, other
threads could crash when accessing the prematurely freed cl.
diff -up a/LibVNCServer-0.8.2/libvncserver/main.c b/LibVNCServer-0.8.2/libvncserver/main.c
--- a/LibVNCServer-0.8.2/libvncserver/main.c 2007-07-24 20:33:55.000000000 +0200
+++ b/LibVNCServer-0.8.2/libvncserver/main.c 2007-07-25 15:53:02.000000000 +0200
@@ -441,11 +441,14 @@ clientOutput(void *data)
rfbBool haveUpdate;
sraRegion* updateRegion;
+ rfbIncrClientRef(cl);
+
while (1) {
haveUpdate = false;
while (!haveUpdate) {
if (cl->sock == -1) {
/* Client has disconnected. */
+ rfbDecrClientRef(cl);
return NULL;
}
LOCK(cl->updateMutex);
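Review bot: The new `rfbIncrClientRef(cl);` runs only after clientOutput has started, so there is still a window between thread creation and this call in which another thread could release cl. The creating code is not visible here; if it does not hold its own reference across that window, the increment belongs in the creator before the thread is started, leaving this thread only the matching `rfbDecrClientRef(cl);`. The `cl->sock == -1` test also reads the field before `LOCK(cl->updateMutex)`, so it is an unsynchronized read unless the writer is serialized some other way. clientOutput begins above this hunk and continues past it.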
@@ -473,13 +476,13 @@ clientOutput(void *data)
UNLOCK(cl->updateMutex);
/* Now actually send the update. */
- rfbIncrClientRef(cl);
rfbSendFramebufferUpdate(cl, updateRegion);
- rfbDecrClientRef(cl);
sraRgnDestroy(updateRegion);
}
+ rfbDecrClientRef(cl);
+
/* Not reached. */
return NULL;
}
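Review bot: The `rfbDecrClientRef(cl);` added after the `while (1)` loop is unreachable, as the `/* Not reached. */` comment right below it says, so the thread's reference is only ever released by the disconnect return in the first hunk. Either drop the dead call or put the comment above it and say why it stays, e.g. `/* Not reached; kept so a future break out of the loop still drops the reference. */`. With the per-update increment/decrement pair around `rfbSendFramebufferUpdate` removed, any other exit path in the lines between the two hunks (not visible here) would need its own decrement, so it is worth confirming there is none. The function begins outside this hunk.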