Stream 3 handle redirection causes output flood

Question

I was playing with wmic when this command

wmic<nul 3>nul

produced this:

The strange thing is, any command will work, but only stream 3 causes the output flood.
I googled and searched on SO "cmd output flood" and cannot find any duplicates nor any results.
Question: Why only stream 3 works?

Update: Likewise,

>con 3<con :

completely disables STDOUT!

Answer 1

I think that, as pointed by aschipfl, my answer to their question explains what the source of the problem is.

Please refer to them for the inner details, this answer is just a summary to explain the different behaviour.

• When a redirection is created the code inside cmd handling this task tries to avoid problems saving the original handles to the streams that are being redirected so the redirection process can be reverted.

• But the way the used function (standard _dup()) works and the order used when creating the redirection can alter the internal structures used in such a way that at the end the code reversing the redirection uses wrong information.

In short:

<nul 3<nul wmic

• <nul saves the stdin handle in &3 and assigns nul stream to &0
• 3<nul saves the handle inside &3 into &4 and assigns nul stream to &3
• wmic is executed. As it is reading from nul (assigned to &0) it can not read anything and ends.
• &0 is restored from &3 where it was saved, BUT now &3 points to nul
• &3 is restored from &4. Now it points to the original stdin

In the original aschipfl's question the observed behaviour was command prompt closing. After code execution

< file1 3< file2 echo/

the redirection cancel process leaves stdin stream pointing to a disk file (file2). cmd starts to read this file for commands to execute (as it normally does from stdin) and at end of file the read operation fails and the cmd instance ends. If you want a convoluted way of seeing it in work to start notepad you can try

( >file1 echo notepad ) & ( <nul 3<file1 break )

But in this question the behaviour is different because the stream assigned to &3, that will be copied to stdin once the redirection is reverted, is not a disk file but nul

<nul 3<nul echo/

1. Once the command is executed and redirections are reverted stdin stream is associated with nul device
2. cmd shows the prompt and tries to retrieve a new command reading from nul
3. The read operation ends but does not retrieve anything so cmd does not execute anything
4. goto 2

The question "Why only stream 3 works?" (in the sense of it does not work ;) ) is not correct. You can do something like

1>file1 <nul 4<nul echo/

and get the same result using different streams. Or you can do

 3<nul <nul echo/

and it will work (in the sense of it works).

The order in which you request the redirection of the streams, how they are handled by cmd internal code and the existence of still active previous redirections can decide the success or failure of the command.