Artur Zakirov <a.zakirov@postgrespro.ru> writes:
>> I think the NIImportOOAffixes() in spell.c should be corrected to avoid
>> this bug.

> I have attached a patch. It adds new functions parse_ooaffentry() and
> get_nextentry() and fixes a couple comments.

I do not like this patch much. It is basically "let's stop using sscanf()
because it seems to have a bug on one platform". There are at least two
things wrong with that approach:

1. By my count there are about 80 uses of *scanf() in our code. Are we
going to replace every one of them with hand-rolled code? If not, why
is only this instance vulnerable? How can we know whether future uses
will have a problem?

2. We're not being very good citizens of the software universe if we
just install a hack in Postgres rather than nagging Apple to fix the
bug at its true source.

I think the appropriate next step to take is to dig into the OS X
sources (see http://www.opensource.apple.com, I think probably the
relevant code is in the Libc package) and identify exactly what is
causing the misbehavior. That would both allow an informed answer
to point #1 and greatly increase the odds of getting action on a
bug report to Apple. Even if we end up applying this patch verbatim,
I think we need that information first.

regards, tom lane