batch-fileBugs in cmd.exe processor


This topic will focus on errors caused by the processor bugs. Here are the things we would focus on the cause and the solution of the issue.


In the example DEL File Extension, user X. Liu notices that this bug will not occurs when the file extension in the DEL command is less than 3 characters.

Parentheses Confusion

From this website, the OP has noticed a problem.


Consider the following code snippet.

if 1==1 (
    set /a result = 2*(3+4)

At your first glance, you may think CMD.exe would process it like so:

  • The condition is true, execute code block
  • Set variable result's value to 14
  • Continue

However, CMD.exe process like so:

  • The condition is true, execute code block
  • Calculate 2*(3+4, the ) after 4 is processed at the end of if code block
  • A random ) has appeared!

The second step would return Unbalanced parentheses error.


According to a German CMD.exe's set /?, we would need to quote arithmetic operations. Here's an example.

set /a result=2+5*4set /a result="2+5*4"

By the way, according to an English CMD.exe set /?, quotes are required if logical or modulus operators are present in the expression(although this is not a must-do step).

Improper Escape Character

In this Stack Overflow question, user txtechhelp found an issue with the ^ character which could cause a security issue.


anyInvaildCommand ^

Note: Make sure the caret(^) is the last character! Any extra CR\LF won't work at all!

The caret looks for the next character to escape. However, the are no more character available to escape, so cmd loops infinitely, looking for a character to escape. In this "loop" process, cmd.exe will consume your computer memory. And gradually eating all memory, bringing the computer to knees.

This issue can lead to more serious security worries as one could just enter the code into the one's unlocked computer.


  • Use codepage UTF-16 could solve this problem. Only UTF-8 or ASCII would cause the bug.

  • Make sure there is an extra CR\LF in the file, or just simply don't use caret at the end of the file.


This bug seems to be solved in Windows 10.

DEL File Extension

This bug was reported by steve2916 from this Microsoft Windows Forum thread.


Consider a folder with such files.


If we want to remove all .doc file in this directory, we usually would do:

del *.doc

However, this command also removes the .docx files. The same happens on file extensions with this pattern.

File AFile B

As we can see, as long as the file extension string contains the string used in the del command, the file will be deleted. Note that this bug only occurs when the extension string used in the del command has at least three characters. For instance, del *.do doesn't delete A.doc or A.docx.


In the thread, user MicroCompsUnltd noticed that using Powershell would solve the issue.