В Mon, 12 Apr 2010 10:07:56 +0400
this is backtrace without my patch:
foo# gdb /sbin/ipfw ipfw.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ipfw'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libutil.so.9...done.
Loaded symbols for /lib/libutil.so.9
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x281eee1b in kill () at kill.S:3
3 RSYSCALL(kill)
(gdb) bt
#0 0x281eee1b in kill () at kill.S:3
#1 0x280e8ef5 in __fail (msg=0x281f3730 "stack overflow detected; terminated") at /usr/src/lib/libc/sys/stack_protector.c:95
#2 0x280e8f30 in __stack_chk_fail () at /usr/src/lib/libc/sys/stack_protector.c:102
#3 0x08057f44 in ipfw_readfile (ac=2, av=0xbfbfecac) at /usr/src/sbin/ipfw/main.c:581
#4 0x08057fca in main (ac=2, av=0xbfbfecac) at /usr/src/sbin/ipfw/main.c:606
Current language: auto; currently asm

foo# uname -a
FreeBSD foo.vyborg.ru 9.0-CURRENT FreeBSD 9.0-CURRENT #1: Sun Apr 11
21:00:05 MSD 2010 ***@foo.vyborg.ru:/usr/obj/usr/src/sys/GENERIC
i386

so, it limit 100k addresses in table?
with 7-STABLE I have more than 100k IP and all work correct
srv1# ipfw table 25 list | wc -l
104294
srv1# uname -a
FreeBSD srv1.host-food.ru 7.2-STABLE FreeBSD 7.2-STABLE #0: Sun Oct 4
01:38:34 MSD 2009
***@srv.host-food.ru:/home/obj/usr/src/sys/HOST-FOOD i386
srv1#

Can you test your it with 100k lines? :)
I think it can be fixed with something similar to:

- sprintf(linename, "Line %d", lineno);
+ snprintf(linename, sizeof(linename), "Line %d", lineno);