Bug #2865
Updated by Junxiao Shi over 9 years ago
expressInterest [returns the memory address](https://github.com/named-data/ndn-cxx/blob/68c0d884a2af7235f888418778a69362fae8f2c3/src/face.cpp#L192) of the interest copy as the PendingInterestId. And removePendingInterest [uses this memory address](https://github.com/named-data/ndn-cxx/blob/6fcdde20e2fa1454941069b6d1c35db5768236b8/src/detail/pending-interest.hpp#L117) to find the entry to remove it from the PIT. Note that removePendingInterest is supposed to do nothing if the interest is no longer in the PIT.

Therefore, the following failure mode is possible:

1. The application calls expressInterest for interest 1 and receives memory address X of the interest copy as the PendingInterestId.
2. The application keeps X.
3. A data packet is received, the library removes interest 1 from the PIT, freeing the memory of the interest.
4. The application calls expressInterest again for interest 2. (This returned PendingInterestId is ignored.) The library just happens to use the same memory address X for the interest copy.
5. Another part of the application wants to cancel the original interest 1, and calls removePendingInterest(X).
6. Interest 1 is no longer in the PIT. But the memory address X is re-used as the same PendingInterestId for interest 2, so the library falsely removes interest 2 from the PIT.
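
The six steps above can be reproduced in a small model. The following is an added example, not part of the original report and not ndn-cxx code: `AddressKeyedPit`, `CounterKeyedPit` and `interest2Survives` are hypothetical names, a fixed slot pool stands in for the allocator so that address reuse is deterministic, and the counter-based id is an assumed remedy rather than a fix stated in the report.

```cpp
// Added illustration: every class and function name here is hypothetical, not ndn-cxx code.
#include <array>
#include <cstdint>
#include <map>
#include <string>

// Id = address of the stored interest copy, as the report describes. A fixed
// slot pool stands in for the allocator so that address reuse is deterministic.
class AddressKeyedPit {
  struct Slot { bool used = false; std::string name; };
  std::array<Slot, 4> slots_;
public:
  const void* express(const std::string& name) {
    for (auto& s : slots_)
      if (!s.used) { s.used = true; s.name = name; return &s; }
    return nullptr;  // pool full
  }
  void remove(const void* id) {  // cancel by address; no-op if nothing matches
    for (auto& s : slots_) if (s.used && &s == id) s.used = false;
  }
  void satisfy(const void* id) { remove(id); }  // Data arrived: entry freed
  bool pending(const std::string& name) const {
    for (const auto& s : slots_) if (s.used && s.name == name) return true;
    return false;
  }
};

// Assumed remedy (not from the report): ids come from a counter that never repeats.
class CounterKeyedPit {
  std::map<uint64_t, std::string> pit_;
  uint64_t last_ = 0;
public:
  uint64_t express(const std::string& name) { pit_[++last_] = name; return last_; }
  void remove(uint64_t id) { pit_.erase(id); }  // a stale id matches nothing
  void satisfy(uint64_t id) { remove(id); }
  bool pending(const std::string& name) const {
    for (const auto& kv : pit_) if (kv.second == name) return true;
    return false;
  }
};

// Steps 1-6 of the report; returns true if interest 2 survives the stale cancel.
template <class Pit> bool interest2Survives() {
  Pit pit;
  auto x = pit.express("/interest/1");  // steps 1-2: application keeps x
  pit.satisfy(x);                       // step 3: library frees the entry
  pit.express("/interest/2");           // step 4: returned id ignored
  pit.remove(x);                        // step 5: stale cancel
  return pit.pending("/interest/2");    // step 6
}
```

With the address-keyed model the stale cancel removes interest 2; with the counter-keyed model the same call sequence leaves it pending.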