util-linux-2.9w has some buffer overflows when printing localized messages, causing core dumps. Just run "LC_MESSAGES=de /sbin/fdisk /dev/whatever", add a partition and watch it die after querying the partition size, as the stack frame will be clobbered by the sprintf() at line 1458 in fdisk/fdisk.c. There are possible buffer overflows in other areas too (BSD/SUN/SGI-Disklabel). In util-linux-2.10c at least the overflow in fdisk.c/add_partition() has been "fixed". Using snprintf() would certainly stop the core dumps, leaving only mangled messages.

Patch follows:

--- util-linux-2.9w/fdisk/fdisk.c.overflow Fri Nov 26 12:12:04 1999 +++ util-linux-2.9w/fdisk/fdisk.c Fri Nov 26 12:13:41 1999 @@ -1370,7 +1370,7 @@ void add_partition(int n, int sys) { - char mesg[48]; + char mesg[256]; /* localized message strings *are* longer than 48, go figure... */ int i, read = 0; struct partition *p = part_table[n], *q = part_table[ext_index]; uint start, stop = 0, limit, temp, --- util-linux-2.9w/fdisk/fdisksgilabel.c.overflow Fri Nov 26 12:12:18 1999 +++ util-linux-2.9w/fdisk/fdisksgilabel.c Fri Nov 26 12:15:15 1999 @@ -671,7 +671,7 @@ void sgi_add_partition( int n, int sys ) { - char mesg[48]; + char mesg[256]; /* localized message strings *are* longer than 48, go figure... */ int first=0, last=0; if( n == 10 ) { --- util-linux-2.9w/fdisk/fdisksunlabel.c.overflow Fri Nov 26 12:12:23 1999 +++ util-linux-2.9w/fdisk/fdisksunlabel.c Fri Nov 26 12:16:10 1999 @@ -472,7 +472,7 @@ uint starts[8], lens[8]; int whole_disk = 0; - char mesg[48]; + char mesg[256]; /* localized message strings *are* longer than 48 */ int i, first, last; if (sunlabel->partitions[n].num_sectors && sunlabel->infos[n].id) { --- util-linux-2.9w/fdisk/fdiskbsdlabel.c.overflow Fri Nov 26 12:12:29 1999 +++ util-linux-2.9w/fdisk/fdiskbsdlabel.c Fri Nov 26 12:14:35 1999 
@@ -235,7 +235,7 @@ xbsd_new_part (void) { uint begin, end; - char mesg[48]; + char mesg[256]; /* localized message strings *are* longer than 48, go figure */ int i; if (!xbsd_check_new_partition (&i))
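Review bot: in the fdisk.c hunk, enlarging mesg to 256 bytes leaves the sprintf() at line 1458 that writes into it unbounded, so a catalog entry longer than the new size would clobber the stack frame exactly as before; change that call to snprintf(mesg, sizeof(mesg), ...) so the buffer's own size bounds the write whatever the translation's length, and the same applies to the writes into mesg in the sgi, sun and bsd label hunks.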
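Review bot: the fdisksgilabel.c hunk repeats the literal 256 and the same comment that the fdisk.c, fdisksunlabel.c and fdiskbsdlabel.c hunks carry (the sunlabel copy already drifts from the others); a single named constant in a header shared by the four files would keep the buffers in step and make the next resize a one-line change instead of four.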
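The post's point, a fixed 48-byte stack buffer fed by sprintf() from a translated format string, shown with the bounded alternative it suggests. This is an added example, not code from the post or from util-linux; LONG_FMT is a constructed German-length stand-in, not a real catalog entry, and needed_len()/format_prompt()/long_prompt_fits() are hypothetical helper names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed German-length stand-in for the prompt that fdisk's
 * add_partition() formats into mesg[]; not a real util-linux catalog entry. */
static const char *LONG_FMT =
    "Erster %s (%d-%d, Vorgabe %d, bitte Sektornummer eingeben): ";

/* Length the formatted message needs, excluding the NUL (vsnprintf with a
 * zero-size buffer writes nothing and just measures). Lets a translated
 * format be checked against a fixed buffer before it is ever used. */
int needed_len(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded replacement for sprintf(mesg, fmt, ...): never writes past
 * buf[size-1]. Returns 1 if the whole message fit, 0 if it was truncated
 * (a mangled prompt, as the post says, instead of a clobbered stack). */
int format_prompt(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n >= 0 && (size_t)n < size;
}

/* Reproduces the report's numbers: the message that fits in the patched
 * 256-byte buffer does not fit in the original 48-byte one. */
int long_prompt_fits(size_t size)
{
    char *buf = malloc(size);
    if (!buf) return -1;
    int ok = format_prompt(buf, size, LONG_FMT, "Zylinder", 1, 1023, 1);
    free(buf);
    return ok;
}

int main(void)
{
    printf("needed %d bytes; fits in 48: %d; fits in 256: %d\n",
           needed_len(LONG_FMT, "Zylinder", 1, 1023, 1),
           long_prompt_fits(48), long_prompt_fits(256));
    return 0;
}
```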
This seems to have been already fixed in the latest util-linux package.