RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
Brought to you by:
orenmnero
Menu
▾
▴
RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
|
From: Yihu F. <Yih...@re...> - 2004-09-29 14:01:58
|
Brendan, I don't think that a string of concatenation of multiple FIX messages in Message constructor will cause looping after Oren's patch for trailing chars. Any missed <SOH> or "=3D" will throw an exception. And the validation at the end of setString() will throw an exception if multiple FIX messages concatenated together because FIX bodylength field will not be able to account the extra length in the string. Regards, -Yihu -----Original Message----- From: qui...@li... [mailto:qui...@li...] On Behalf Of Brendan B. Boerner Sent: Tuesday, September 28, 2004 6:51 PM To: Yihu Fang Cc: qui...@li... Subject: RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor QuickFIX Documentation: http://www.quickfixengine.org/quickfix/doc/html/index.html QuickFIX FAQ: http://www.quickfixengine.org/wikifix/index.php?QuickFixFAQ QuickFIX Support: http://www.quickfixengine.org/services.html Yihu, You might want to see if my fix in Message::setString(...) for a related problem works as well. The message I sent on 9/2 follows. Regards, Brendan Hi, Suppose a FIX::Message is constructed from a string and suppose the string is a concatenation of two FIX messages (e.g. suppose you're reading from a log of FIX msgs which somehow was corrupted). In Message::setString(const std::string, bool, const DataDictionary *), w/o the two lines I've added below, this will be an infinite loop as pos will increase through the massage which corresponds to the 'first' message and then reset to a low value when it reaches the 'second' message in the string i.e. pos will never be >=3D string.size(). while ( pos < string.size() ) { FieldBase field =3D extractField( string, pos, pDataDictionary ); // Begin brendan, 9/2/04 if (pos < pos2) throw InvalidMessage(); else pos2 =3D pos; // End brendan, 9/2/04 if ( count < 3 && headerOrder[ count++ ] !=3D field.getField() ) if ( doValidation ) throw InvalidMessage(); ... } Regards, Brendan > Message: 2 > Date: Mon, 27 Sep 2004 16:58:18 -0400 > From: Yihu Fang <Yih...@re...> > To: Oren Miller <or...@qu...>, > qui...@li... > Subject: [Quickfix-developers] potential infinite loop in=20 > QuickFIX Message constructor >=20 > This is a multi-part message in MIME format. >=20 > ------_=3D_NextPart_001_01C4A4D4.B7119FAC > Content-Type: text/plain; charset=3D"us-ascii" > Content-Transfer-Encoding: quoted-printable >=20 > Oren, >=20 > =3D20 >=20 > There is a bug in QuickFIX Message constructor which may exists in all > versions. An ill-formatted FIX message can let the constructor run into > a tight infinite loop. If the FIX message has an extra white space at > the end of trailer "8=3D3DFIX.4.0<SOH>...<SOH>10=3D3Dxxx<SOH> ", or any extra > characters in that matter, the constructor calls setString() and results > in an infinite loop. >=20 > =3D20 >=20 > The fix is to check the value of the equalSign and throw an exception if > not found. The diff of current CVS Message.cpp should be: >=20 > =3D20 >=20 > 560a561,562 >=20 > > if (equalSign =3D3D=3D3D std::string::npos) >=20 > > throw InvalidMessage(); >=20 > =3D20 >=20 > Thanks. >=20 > =3D20 >=20 > -Yihu ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Quickfix-developers mailing list Qui...@li... https://lists.sourceforge.net/lists/listinfo/quickfix-developers ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com Get closer to the financial markets with Reuters Messaging - for more information and to register, visit http://www.reuters.com/messaging Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. |
