[comp.sys.ibm.pc] Crashing DOS

kdq@demott.COM (Kevin D. Quitt) (03/04/90)

    While checking on a technique suggested to the person who asked for
more than 128 characters in a path, I stumbled onto the following oddity:

Create a batch file (e.g. foo.bat) which contains:


set path=%path%;%path%
set

    I then executed the file to see if I could get more than 128
characters in the path by this simple expedient.  (I chose using PATH
twice just because why not?)

    Much to my amazement, this locked up DOS.  After trying this on
several machines I have noticed something that I would appreciate
comments about:

    Every 386 based machine crashed when trying to do this.

    Every other machine handled this without a problem (except reporting
	a syntax error on the line that was too long).



    Note: The path on my machine was more than 64 bytes already.  I had
to execute this batch file more than once on some of the other machines
to get either the crash or the error message. 

    If someone knows about this magic, I'd love to hear about it.  In
the mean time, I'd like other people to try it, and let me know what
happens on your system(s).  If I get good enough data (i.e.  whose BIOS,
what hardware, etc.), I'll publish results to the net (if anyone besides
me is interested). 

kdq
-- 



Kevin D. Quitt                          Manager, Software Development
DeMott Electronics Co.                  VOICE (818) 988-4975
14707 Keswick St.                       FAX   (818) 997-1190
Van Nuys, CA  91405-1266                MODEM (818) 997-4496 Telebit PEP last
34 12 N  118 27 W                       srhqla!demott!kdq   kdq@demott.com

georgf@polari.UUCP (George Forsman) (03/05/90)

In article <46@demott.COM> kdq@demott.COM (Kevin D. Quitt) writes:
>
> [use of "set path=%path%;%path%" to create a path longer than 128
>   characters]
>
>    Much to my amazement, this locked up DOS.  

Yes, it does.  For versions of MS-DOS 3.30a and above it does lock up. 
MS-DOS checks for batch file line-length, but apparently fails to check
AFTER environment variable expansion has occurred, and therefore an internal
buffer gets overflowed.  Whatever was beyond that buffer is important for
future SET commands.

I had the opportunity to test this under a number of DOS versions.

>
>    Every 386 based machine crashed when trying to do this.
>
>    Every other machine handled this without a problem (except reporting
>	a syntax error on the line that was too long).
>

My guess is that the version of DOS differed on these machines.  MS-DOS
(or derivatives) dated before 02-02-88 will report a "bad command" or
some other error (but an error will be returned).  Under 3.30a (dated
02-02-88 or later) it seems to lock up after a subsequent SET command.

Under some versions of 4.01, it has even re-booted my machine.  Many 
strange things happen when a buffer overflow occurs!

>kdq

-George Forsman

no .sig, but ...!uw-beaver!sumax!polari!georgf should work.
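
The ordering problem described in the post above (line length checked as written, not after `%path%` is substituted), shown as an added example that is not part of the original thread and is not DOS source code. The 128-byte buffer size, the sample PATH value and every function name here are assumptions made for illustration; `expand_checked` applies the bound to the expanded text instead.

```c
#include <stdio.h>
#include <string.h>

#define DOS_LINE_BUF 128   /* assumed: the 128-character limit from the thread */

/* Constructed sample PATH, longer than 64 bytes as in the original report. */
static const char SAMPLE_PATH[] =
    "C:\\DOS;C:\\UTIL;C:\\BIN;C:\\TOOLS\\COMPILER;C:\\TOOLS\\EDITOR;C:\\NET\\BIN;C:\\BATCH";

/* Hypothetical one-variable environment (name match is case-sensitive here). */
static const char *env_lookup(const char *name, size_t n) {
    return (n == 4 && strncmp(name, "path", 4) == 0) ? SAMPLE_PATH : "";
}

/* The check the thread says is made: length of the line as written. */
int raw_line_fits(const char *line) { return strlen(line) < DOS_LINE_BUF; }

/* Expand %name% into dst, checking the bound on every write, i.e. against
   the expanded text. Returns the expanded length, or -1 if it will not fit. */
long expand_checked(const char *src, char *dst, size_t cap) {
    size_t out = 0;
    if (cap == 0) return -1;
    while (*src) {
        const char *end = (*src == '%') ? strchr(src + 1, '%') : NULL;
        if (end) {                                  /* %name% reference */
            const char *val = env_lookup(src + 1, (size_t)(end - src - 1));
            size_t vlen = strlen(val);
            if (vlen >= cap - out) return -1;       /* would overrun dst */
            memcpy(dst + out, val, vlen);
            out += vlen;
            src = end + 1;
        } else {                                    /* literal character */
            if (out + 1 >= cap) return -1;
            dst[out++] = *src++;
        }
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void) {
    const char *line = "set path=%path%;%path%";   /* the line from foo.bat */
    char buf[DOS_LINE_BUF], scratch[1024];
    printf("raw check passes: %d\n", raw_line_fits(line));
    printf("expanded length:  %ld\n", expand_checked(line, scratch, sizeof scratch));
    printf("128-byte buffer:  %ld\n", expand_checked(line, buf, sizeof buf));
    return 0;
}
```

The 22-character line passes the raw check, yet its expansion is longer than the buffer; only the per-write bound in `expand_checked` catches that and returns an error instead of writing past the end.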

scotts@cpqhou.UUCP (Scott Shaffer) (03/05/90)

To both of the previous posters, and to anyone else who adds his experience
to this thread, please mention whose DOS you are using.  Microsoft, IBM,
Compaq and several other OEMs each make their OWN version of MS-DOS.  I
know for a fact that IBM and Compaq make enhancements to the MS version,
and no doubt some other OEMs do as well.  If you simply state blindly
that DOS has a problem it seems to imply ALL versions and that is simply
not true.  Compaq DOS 3.31 (Compaq does not have a 3.30) and 4.01 do
not have the 'crashing' problem you mention.


+==========================================================================+
| Scott Shaffer    |  Compaq Computer Corporation @ Houston TX             |
| Systems Engr.    | (These opinions do not necessarily reflect those of my|
| SW Development   |  employer, friends or any living person.)		   |
+==========================================================================+
"Well son, regret is a funny thing; it's better to regret something you
 have done, than to regret something you haven't done."

kdq@demott.COM (Kevin D. Quitt) (03/06/90)

In article <1350@polari.UUCP> georgf@polari.UUCP (George Forsman) writes:
>In article <46@demott.COM> kdq@demott.COM (Kevin D. Quitt) writes:
>>
>> [use of "set path=%path%;%path%" to create a path longer than 128
>>   characters]
>>
>>    Much to my amazement, this locked up DOS.  
>
>Yes, it does.  For versions of MS-DOS 3.30a and above it does lock up. 
>[...]

>
>I had the opportunity to test this under a number of DOS versions.
>
>>
>>    Every 386 based machine crashed when trying to do this.
>>
>>    Every other machine handled this without a problem (except reporting
>>	a syntax error on the line that was too long).
>>
>

    I misstated somewhat.  All these systems are running the same
version of DOS (3.30), all dated 24-Jul-87.  In fact, all the machines
are using Phoenix MS-DOS 3.30.  I have tested two each of: 386, 286, 8088,
and one V30 based machines. Only one of these machines is true blue (8088),
and the others each come from a different manufacturer.

    And I still have no idea what the difference is.

kdq