Re: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Brendan,

I wrote a test case for this, but have not been able to duplicate the 
behavior.  Do you have an example of a string that would cause this?

--oren

On Sep 28, 2004, at 5:51 PM, Brendan B. Boerner wrote:

> QuickFIX Documentation: 
> http://www.quickfixengine.org/quickfix/doc/html/index.html
> QuickFIX FAQ: 
> http://www.quickfixengine.org/wikifix/index.php?QuickFixFAQ
> QuickFIX Support: http://www.quickfixengine.org/services.html
>
> Yihu,
>
> You might want to see if my fix in Message::setString(...)  for a
> related problem works as well.
>
> The message I sent on 9/2 follows.
>
> Regards,
> Brendan
>
> Hi,
>
> Suppose a FIX::Message is constructed from a string and suppose the
> string is a concatenation of two FIX messages (e.g. suppose you're
> reading from a log of FIX msgs which somehow was corrupted).
>
> In Message::setString(const std::string, bool, const DataDictionary
> *), w/o the two lines I've added below, this will be an infinite loop
> as pos will increase through the massage which corresponds to the
> 'first' message and then reset to a low value when it reaches the
> 'second' message in the string i.e.  pos will never be >=
> string.size().
>
>   while ( pos < string.size() )
>   {
>     FieldBase field = extractField( string, pos, pDataDictionary );
>     // Begin brendan, 9/2/04
>     if (pos < pos2) throw InvalidMessage();
>     else pos2 = pos;
>     // End brendan, 9/2/04
>
>     if ( count < 3 && headerOrder[ count++ ] != field.getField() )
>       if ( doValidation ) throw InvalidMessage();
>     ...
>   }
>
> Regards,
> Brendan
>
>
>
>
>> Message: 2
>> Date: Mon, 27 Sep 2004 16:58:18 -0400
>> From: Yihu Fang <Yih...@re...>
>> To: Oren Miller <or...@qu...>,
>>  qui...@li...
>> Subject: [Quickfix-developers] potential infinite loop in
>> QuickFIX Message constructor
>>
>> This is a multi-part message in MIME format.
>>
>> ------_=_NextPart_001_01C4A4D4.B7119FAC
>> Content-Type: text/plain; charset="us-ascii"
>> Content-Transfer-Encoding: quoted-printable
>>
>> Oren,
>>
>> =20
>>
>> There is a bug in QuickFIX Message constructor which may exists in all
>> versions. An ill-formatted FIX message can let the constructor run 
>> into
>> a tight infinite loop. If the FIX message has an extra white space at
>> the end of trailer "8=3DFIX.4.0<SOH>...<SOH>10=3Dxxx<SOH> ", or any 
>> extra
>> characters in that matter, the constructor calls setString() and 
>> results
>> in an infinite loop.
>>
>> =20
>>
>> The fix is to check the value of the equalSign and throw an exception 
>> if
>> not found. The diff of current CVS Message.cpp should be:
>>
>> =20
>>
>> 560a561,562
>>
>>>   if (equalSign =3D=3D std::string::npos)
>>
>>>     throw InvalidMessage();
>>
>> =20
>>
>> Thanks.
>>
>> =20
>>
>> -Yihu
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on 
> ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give 
> us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
> more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Quickfix-developers mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfix-developers
>