From 372fffac69e0a3c8ebccf979e4845b98d7c2e8b8 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Wed, 1 Sep 2021 12:23:31 +0930
Subject: [PATCH] Anchor outputs are enabled by dual-funding, so this was
 reported by users there (and reliably detected now).

Reported-by: @larsschenk
Reported-by: @nickfarrow
Fixes: #4728
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Fixed: EXPERIMENTAL: crash for some users while requesting dual funding leases.
---
 common/initial_commit_tx.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/common/initial_commit_tx.c b/common/initial_commit_tx.c
index 0330a7801..ec515f06d 100644
--- a/common/initial_commit_tx.c
+++ b/common/initial_commit_tx.c
@@ -1,5 +1,6 @@
 #include <bitcoin/script.h>
 #include <bitcoin/tx.h>
+#include <ccan/array_size/array_size.h>
 #include <ccan/endian/endian.h>
 #include <common/initial_commit_tx.h>
 #include <common/keyset.h>
@@ -101,7 +102,8 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,
 	enum side lessor = !opener;
 	u32 sequence;
 	void *dummy_local = (void *)LOCAL, *dummy_remote = (void *)REMOTE;
-	const void *output_order[NUM_SIDES];
+	/* There is a direct, and possibly an anchor output for each side. */
+	const void *output_order[2 * NUM_SIDES];
 	const u8 *funding_wscript = bitcoin_redeem_2of2(tmpctx,
 							&funding_key[LOCAL],
 							&funding_key[REMOTE]);
@@ -286,6 +288,7 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,
 	}
 
 	assert(n <= tx->wtx->num_outputs);
+	assert(n <= ARRAY_SIZE(output_order));
 
 	/* BOLT #3:
 	 *