From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
> /usr/bin/who -Hliw
*** buffer overflow detected ***: /usr/bin/who terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xc0d415]
/lib/libc.so.6(__vsprintf_chk+0x0)[0xc0cce0]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0xb8f918]
/lib/libc.so.6(_IO_vfprintf+0x363f)[0xb6d3b1]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0xc0cd81]
/lib/libc.so.6(__sprintf_chk+0x30)[0xc0ccd4]
/usr/bin/who[0x804927b]
/usr/bin/who[0x8049c73]
/usr/bin/who[0x804a87f]
/lib/libc.so.6(__libc_start_main+0xc6)[0xb43de6]
/usr/bin/who[0x8048fb1]
======= Memory map: ========
006eb000-006f4000 r-xp 00000000 03:03 44906 /lib/libgcc_s-4.0.0-20050518.so.1
006f4000-006f5000 rwxp 00009000 03:03 44906 /lib/libgcc_s-4.0.0-20050518.so.1
00824000-00825000 r-xp 00824000 00:00 0
0093e000-00958000 r-xp 00000000 03:03 48262 /lib/ld-2.3.5.so
00958000-00959000 r-xp 00019000 03:03 48262 /lib/ld-2.3.5.so
00959000-0095a000 rwxp 0001a000 03:03 48262 /lib/ld-2.3.5.so
00b2f000-00c53000 r-xp 00000000 03:03 48269 /lib/libc-2.3.5.so
00c53000-00c55000 r-xp 00124000 03:03 48269 /lib/libc-2.3.5.so
00c55000-00c57000 rwxp 00126000 03:03 48269 /lib/libc-2.3.5.so
00c57000-00c59000 rwxp 00c57000 00:00 0
08048000-0804e000 r-xp 00000000 03:0c 378398 /usr/bin/who
0804e000-0804f000 rw-p 00005000 03:0c 378398 /usr/bin/who
085c2000-085e3000 rw-p 085c2000 00:00 0 [heap]
b7d2a000-b7d30000 r--s 00000000 03:0c 219342 /usr/lib/gconv/gconv-modules.cache
b7d30000-b7d6e000 r--p 00000000 03:0c 747260 /usr/share/locale/de/LC_MESSAGES/coreutils.mo
b7d6e000-b7f6e000 r--p 00000000 03:0c 344376 /usr/lib/locale/locale-archive
b7f6e000-b7f6f000 rw-p b7f6e000 00:00 0
b7f8b000-b7f8c000 rw-p b7f8b000 00:00 0
bfa77000-bfa8c000 rw-p bfa77000 00:00 0 [stack]
Abgebrochen

Version-Release number of selected component (if applicable):
coreutils-5.2.1-47

How reproducible:
Always

Steps to Reproduce:
1. LANG=de_DE.UTF-8 /usr/bin/who -Hliw
2.
3.

Actual Results: see description

Expected Results: it should work ;)

Additional info:
Hmm, recompiling with -fno-inline makes the problem disappear.
#define IDLESTR_LEN 6
...
in print_line():
  char x_idle[1 + IDLESTR_LEN + 1];
  ..
  sprintf (x_idle, " %-6s", idle);

where, for LANG=de_DE.UTF8, "idle" has the value "UNTÄTIG" which is 8 characters long (due to UTF8!) + terminating zero, and thus overflows the x_idle buffer.

gcc 1 - coreutils 0
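The size arithmetic from the analysis above, worked through as an added example; it is not code from this bug report or from coreutils, and it is not the change shipped in the fixed package. The helper names bytes_needed and format_idle are hypothetical, and the two input strings are constructed (a short ASCII value and the UTF-8 bytes of the German header).

```c
#include <stdio.h>
#include <string.h>

#define IDLESTR_LEN 6                      /* value quoted in the comment above */
#define X_IDLE_SIZE (1 + IDLESTR_LEN + 1)  /* space + field + NUL = 8 bytes */

/* Bytes sprintf(dst, " %-6s", idle) writes, NUL included. The 6 in %-6s is a
   minimum field width: short strings are padded, long ones are not cut. */
static size_t bytes_needed(const char *idle)
{
    int n = snprintf(NULL, 0, " %-*s", IDLESTR_LEN, idle);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded variant (hypothetical helper): never writes past dstlen.
   Returns 0 if everything fit, 1 if the output was cut, -1 on error.
   The cut is made on a byte boundary, so it can split a multibyte character. */
static int format_idle(char *dst, size_t dstlen, const char *idle)
{
    int n = snprintf(dst, dstlen, " %-*s", IDLESTR_LEN, idle);
    if (n < 0)
        return -1;
    return (size_t)n >= dstlen ? 1 : 0;
}

int main(void)
{
    /* Constructed inputs: a short ASCII value and the UTF-8 bytes of "UNTÄTIG". */
    const char *samples[] = { "IDLE", "UNT\xc3\x84TIG" };
    char x_idle[X_IDLE_SIZE];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t need = bytes_needed(samples[i]);
        int cut = format_idle(x_idle, sizeof x_idle, samples[i]);
        printf("strlen=%zu need=%zu have=%zu truncated=%d out=\"%s\"\n",
               strlen(samples[i]), need, sizeof x_idle, cut, x_idle);
    }
    return 0;
}
```

For the German string the format needs 10 bytes against the 8 available, which is the 2-byte overrun that __sprintf_chk caught in the backtrace.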
Fixed package is coreutils-5.2.1-48.