In this Stack Overflow question, user txtechhelp found an issue with the ^ character which could cause a security issue.
Note: Make sure the caret (^) is the last character! With any extra CR\LF it won’t work at all!
The caret looks for the next character to escape. However, there are no more characters available to escape, so cmd loops infinitely, looking for a character to escape. In this "loop" process, cmd.exe consumes your computer's memory, gradually eating all of it and bringing the computer to its knees.
This issue can lead to more serious security worries, as anyone could simply enter the code into someone’s unlocked computer.
Using the UTF-16 codepage could solve this problem. Only UTF-8 or ASCII would cause the bug.
Make sure there is an extra CR\LF in the file, or simply don’t use a caret at the end of the file.
This bug seems to be solved in Windows 10.
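The condition described above (a caret as the very last byte of a UTF-8 or ASCII batch file, with no CR\LF after it) can be checked for before a script is run. The following is an added example, not code from the original question: the function names are hypothetical, UTF-16 is recognised only by its byte-order mark, and quoting or doubled carets are not parsed, so any file ending in a caret is flagged.

```python
import sys
from pathlib import Path

CARET = 0x5E                            # byte value of '^'
UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")  # assumption: UTF-16 files carry a BOM
BATCH_SUFFIXES = {".bat", ".cmd"}


def has_dangling_caret(data: bytes) -> bool:
    """True when the final byte is '^' with no CR/LF after it."""
    if data.startswith(UTF16_BOMS):
        # Per the page, only UTF-8 or ASCII files trigger the bug.
        return False
    return len(data) > 0 and data[-1] == CARET


def neutralise(data: bytes) -> bytes:
    """Apply the page's workaround: end the file with an extra CR/LF."""
    return data + b"\r\n" if has_dangling_caret(data) else data


def scan(root: Path):
    """Yield batch files under root whose last byte is a bare caret."""
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in BATCH_SUFFIXES:
            if has_dangling_caret(path.read_bytes()):
                yield path


if __name__ == "__main__":
    # Scan the directory given on the command line (default: current dir).
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    hits = list(scan(target))
    for hit in hits:
        print(f"trailing caret at end of file: {hit}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds a match, so it can gate a review step for batch files received from elsewhere.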