mFAST
mFAST copied to clipboard
Published
20 hours ago •
objectcomputing
objectcomputing
double-free when encoding.
template file:
<?xml version="1.0" encoding="UTF-8"?>
<templates version="2.25" xmlns="http://www.fixprotocol.org/ns/template-definition">
<template id="1" name="FirstMessage">
<string id="1" name="ID" presence="optional"><copy/></string>
</template>
<template id="2" name="SecondMessage">
<string id="1" name="ID"><tail/></string>
</template>
</templates>
There are two ID fields in two different message, the first one has copy attribute and another has tail attribute.
mFAST encoder will double free memory when encoding this template.
copy & tail attribute is the key point, the program will not crash when removing any of them.
I found a easy way to solve it :
diff --git a/src/mfast/coder/common/template_repo.h b/src/mfast/coder/common/template_repo.h
index d949d56..b0fa690 100644
--- a/src/mfast/coder/common/template_repo.h
+++ b/src/mfast/coder/common/template_repo.h
@@ -18,6 +18,8 @@ public:
if (elem->of_array.capacity_in_bytes_)
dictionary_alloc_->deallocate(elem->of_array.content_,
elem->of_array.capacity_in_bytes_);
+ elem->of_array.content_ = nullptr;
+ elem->of_array.capacity_in_bytes_ = 0;
}
}
I think it's just a workaround not the root cause?
