RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
From: Brendan B. B. <br...@ka...> - 2004-09-28 23:51:33
Yihu,

You might want to see if my fix in Message::setString(...) for a related problem works as well. The message I sent on 9/2 follows.

Regards,
Brendan

Hi,

Suppose a FIX::Message is constructed from a string and suppose the string is a concatenation of two FIX messages (e.g. suppose you're reading from a log of FIX msgs which somehow was corrupted). In Message::setString(const std::string, bool, const DataDictionary *), w/o the two lines I've added below, this will be an infinite loop as pos will increase through the message which corresponds to the 'first' message and then reset to a low value when it reaches the 'second' message in the string, i.e. pos will never be >= string.size().

    while ( pos < string.size() )
    {
      FieldBase field = extractField( string, pos, pDataDictionary );
      // Begin brendan, 9/2/04
      if (pos < pos2)
        throw InvalidMessage();
      else
        pos2 = pos;
      // End brendan, 9/2/04
      if ( count < 3 && headerOrder[ count++ ] != field.getField() )
        if ( doValidation ) throw InvalidMessage();
      ...
    }

Regards,
Brendan

> Message: 2
> Date: Mon, 27 Sep 2004 16:58:18 -0400
> From: Yihu Fang <Yih...@re...>
> To: Oren Miller <or...@qu...>, qui...@li...
> Subject: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
>
> Oren,
>
> There is a bug in the QuickFIX Message constructor which may exist in all
> versions. An ill-formatted FIX message can let the constructor run into
> a tight infinite loop. If the FIX message has an extra white space at
> the end of the trailer "8=FIX.4.0<SOH>...<SOH>10=xxx<SOH> ", or any extra
> characters for that matter, the constructor calls setString() and results
> in an infinite loop.
>
> The fix is to check the value of equalSign and throw an exception if it is
> not found.
> The diff of current CVS Message.cpp should be:
>
> 560a561,562
> > if (equalSign == std::string::npos)
> > throw InvalidMessage();
>
> Thanks.
>
> -Yihu
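Review bot: the equalSign == std::string::npos check in the 560a561,562 hunk only covers the case where no '=' remains at or after pos, such as the trailing whitespace after the final SOH described in this message; it does not by itself cover the concatenated-message case in the reply above, where pos keeps advancing through the first message and then resets to a low value, so the loop still needs a progress check (the pos2 guard in the reply, throwing InvalidMessage whenever pos has not advanced past its previous value) to be guaranteed to terminate, and a reviewer would want both checks in setString. The ed-style hunk also carries no context lines, so it applies cleanly only to that one CVS revision; a context or unified diff around the line that assigns equalSign would be safer for others to apply.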
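Both checks discussed in this thread, carried into a small stand-alone parser, as an added example (not QuickFIX code, and not the patch either of the posters submitted): the missing-'=' check from Yihu's message inside the field extractor, and the must-advance check from Brendan's reply as a termination invariant on the parse loop. It goes a step beyond the thread by also rejecting any bytes that follow the CheckSum field (which is how a concatenated pair of messages shows up) and by verifying the 10= checksum, so a corrupted log line fails closed instead of parsing as a longer message. The names parseFix, extractField, fixChecksum, reject, goodMessage and tamperedMessage are this example's own, InvalidMessage is a stand-in for FIX::InvalidMessage, and the FIX.4.0 Heartbeat used as input is constructed here.

```cpp
// Added example (not QuickFIX code): a minimal FIX tag=value parser whose loop
// cannot hang on malformed input. All names here are this example's own;
// InvalidMessage stands in for FIX::InvalidMessage.
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>
#include <vector>

static const char SOH = '\001';

struct InvalidMessage : std::runtime_error {
    explicit InvalidMessage(const std::string& why) : std::runtime_error(why) {}
};

struct Field { int tag; std::string value; };

// Extract one "tag=value<SOH>" field at pos and move pos past its SOH.
static Field extractField(const std::string& s, std::string::size_type& pos) {
    const std::string::size_type equalSign = s.find('=', pos);
    // Yihu's check: with no '=' left, equalSign is npos and must not be used as
    // an offset (npos + 1 wraps to 0, which restarts the scan at the front).
    if (equalSign == std::string::npos)
        throw InvalidMessage("no '=' after offset " + std::to_string(pos));
    const std::string::size_type soh = s.find(SOH, equalSign + 1);
    if (soh == std::string::npos)
        throw InvalidMessage("field at offset " + std::to_string(pos) + " lacks SOH");
    const std::string tagText = s.substr(pos, equalSign - pos);
    char* end = nullptr;
    const long tag = std::strtol(tagText.c_str(), &end, 10);
    if (tagText.empty() || *end != '\0' || tag <= 0)
        throw InvalidMessage("bad tag '" + tagText + "'");
    pos = soh + 1;
    return Field{static_cast<int>(tag), s.substr(equalSign + 1, soh - equalSign - 1)};
}

// FIX CheckSum: byte sum of everything before "10=", modulo 256, as three digits.
std::string fixChecksum(const std::string& bytesBeforeTrailer) {
    unsigned sum = 0;
    for (unsigned char c : bytesBeforeTrailer) sum += c;
    char buf[4];
    std::snprintf(buf, sizeof buf, "%03u", sum % 256);
    return buf;
}

// Parse one complete message. Every turn of the loop must consume bytes, so a
// malformed string can only end in an exception, never in a spin.
std::vector<Field> parseFix(const std::string& s) {
    static const int headerOrder[3] = {8, 9, 35};  // BeginString, BodyLength, MsgType
    std::vector<Field> fields;
    std::string::size_type pos = 0, lastPos = 0;
    bool sawChecksum = false;
    while (pos < s.size()) {
        if (sawChecksum)  // a second message or stray bytes after 10=nnn<SOH>
            throw InvalidMessage("data after CheckSum at offset " + std::to_string(pos));
        const std::string::size_type fieldStart = pos;
        const Field field = extractField(s, pos);
        // Brendan's check, as a termination invariant: pos must strictly advance.
        if (pos <= lastPos)
            throw InvalidMessage("parser did not advance at offset " + std::to_string(fieldStart));
        lastPos = pos;
        if (fields.size() < 3 && headerOrder[fields.size()] != field.tag)
            throw InvalidMessage("header out of order at tag " + std::to_string(field.tag));
        if (field.tag == 10) {
            if (field.value != fixChecksum(s.substr(0, fieldStart)))
                throw InvalidMessage("checksum mismatch: got " + field.value);
            sawChecksum = true;
        }
        fields.push_back(field);
    }
    if (!sawChecksum)
        throw InvalidMessage("message not terminated by CheckSum");
    return fields;
}

// Returns the rejection reason, or "" if s parses cleanly.
std::string reject(const std::string& s) {
    try { parseFix(s); return ""; }
    catch (const InvalidMessage& e) { return e.what(); }
}

// Constructed sample: a FIX.4.0 Heartbeat (35=0) with a computed trailer. 9=41 is
// the byte count of the fields between "9=41<SOH>" and "10=", SOHs included.
std::string goodMessage() {
    const std::string body = "8=FIX.4.0\0019=41\00135=0\00149=A\00156=B\00134=1\001"
                             "52=20040928-23:51:33\001";
    return body + "10=" + fixChecksum(body) + SOH;
}

// The same message with one byte of MsgSeqNum (34) changed after the checksum was computed.
std::string tamperedMessage() {
    std::string s = goodMessage();
    s[s.find("34=1") + 3] = '2';
    return s;
}
```

Feeding it goodMessage() returns eight fields ending in tag 10; goodMessage() + " " and goodMessage() + goodMessage() are both refused with "data after CheckSum", "8=FIX.4.0<SOH>garbage" is refused by the npos check with "no '='", and tamperedMessage() is refused with "checksum mismatch". The lastPos guard never fires with this extractField, which is the point: it is the invariant any future extractField must keep, and it is what turns a regression like the one in the thread into an exception instead of a hung session.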