From 795e42d757dbb547c5eb075fa9e5efca78de3eb1 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 9 Jan 2018 20:46:21 +1030
Subject: [PATCH] chaintopology: fix use-after-free which sometimes causes
 fatal() in clear_otx_peer

I've only seen this under travis, so I can't verify that this fixes it,
but it's certainly a bug which could cause that issue.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 lightningd/chaintopology.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lightningd/chaintopology.c b/lightningd/chaintopology.c
index 1c50688d4..535b38a27 100644
--- a/lightningd/chaintopology.c
+++ b/lightningd/chaintopology.c
@@ -227,13 +227,15 @@ static void broadcast_done(struct bitcoind *bitcoind,
 		return;
 	}
 
+	/* No longer needs to be disconnected if peer dies. */
+	tal_del_destructor2(otx->peer, clear_otx_peer, otx);
+
 	if (otx->failed && exitstatus != 0) {
 		otx->failed(otx->peer, exitstatus, msg);
 		tal_free(otx);
 	} else {
 		/* For continual rebroadcasting, until peer freed. */
 		tal_steal(otx->peer, otx);
-		tal_del_destructor2(otx->peer, clear_otx_peer, otx);
 		list_add_tail(&otx->topo->outgoing_txs, &otx->list);
 		tal_add_destructor(otx, destroy_outgoing_tx);
 	}