Tvheadend

When running under valgrind, occasionally I get this on shutdown:

==685== Thread 82 tvh:tcp-start:
==685== Invalid write of size 8
==685==    at 0x37326D: comet_mailbox_ws (comet.c:459)
==685==    by 0x2E9419: http_exec (http.c:1182)
==685==    by 0x2EA4A9: http_cmd_get (http.c:1257)
==685==    by 0x2EA6DC: http_process_request (http.c:1339)
==685==    by 0x2E992B: process_request (http.c:1463)
==685==    by 0x2EAABA: http_serve_requests (http.c:1916)
==685==    by 0x2EAD02: http_serve (http.c:1965)
==685==    by 0x2E2051: tcp_server_start (tcp.c:713)
==685==    by 0x2DD697: thread_wrapper (wrappers.c:161)
==685==    by 0x6C577FB: start_thread (pthread_create.c:465)
==685==    by 0x83BDB0E: clone (clone.S:95)
==685==  Address 0x1750c030 is 32 bytes inside a block of size 64 free'd
==685==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==685==    by 0x3725E4: comet_done (comet.c:494)
==685==    by 0x2D0179: main (main.c:1290)
==685==  Block was alloc'd at
==685==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==685==    by 0x372957: comet_mailbox_create (comet.c:123)
==685==    by 0x372957: comet_find_mailbox (comet.c:290)
==685==    by 0x3731EF: comet_mailbox_ws (comet.c:435)
==685==    by 0x2E9419: http_exec (http.c:1182)
==685==    by 0x2EA4A9: http_cmd_get (http.c:1257)
==685==    by 0x2EA6DC: http_process_request (http.c:1339)
==685==    by 0x2E992B: process_request (http.c:1463)
==685==    by 0x2EAABA: http_serve_requests (http.c:1916)
==685==    by 0x2EAD02: http_serve (http.c:1965)
==685==    by 0x2E2051: tcp_server_start (tcp.c:713)
==685==    by 0x2DD697: thread_wrapper (wrappers.c:161)
==685==    by 0x6C577FB: start_thread (pthread_create.c:465)
==685==
 [   INFO] epgdb: snapshot start

I'm guessing the comet_done cmb_destroy should be moved, perhaps to the end of the function?
(I don't have a patch).