Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!mit-eddie!uw-beaver!sumax!thebes!polari!georgf
From: georgf@polari.UUCP (George Forsman)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Crashing DOS
Message-ID: <1350@polari.UUCP>
Date: 5 Mar 90 01:20:08 GMT
References: <46@demott.COM>
Reply-To: georgf@.UUCP (George Forsman)
Organization: PolarServ, Seattle WA
Lines: 35

In article <46@demott.COM> kdq@demott.COM (Kevin D. Quitt) writes:
>
> [use of "set path=%path%;%path%" to create a path longer than 128
>   characters]
>
>    Much to my amazement, this locked up DOS.  

Yes, it does.  For versions of MS-DOS 3.30a and above it does lock up. 
MS-DOS checks for batch file line-length, but apparently fails to check
AFTER environment variable expansion has occured, and therefore an internal
buffer gets overflowed.  Whatever was beyond that buffer is important for
future SET commands.

I had the opportunity to test this under a number of DOS versions.

>
>    Every 386 based machine crashed when trying to do this.
>
>    Every other machine handled this without a problem (except repoting
>	a syntax error on the line that was too long.
>

My guess is that the version of DOS differed on these machines.  MS-DOS
(or derivatives) dated before 02-02-88 will report a "bad command" or
some other error (but an error will be returned).  Under 3.30a (dated
02-02-88 or later) it seems to lock up after a subsequent SET command.

Under some versions of 4.01, it has even re-booted my machine.  Many 
strange things happen when a buffer overflow occurs!

>kdq

-George Forsman

no .sig, but ...!uw-beaver!sumax!polari!georgf should work.