Artur Zakirov <a.zaki...@postgrespro.ru> writes: >> I think the NIImportOOAffixes() in spell.c should be corrected to avoid >> this bug.
> I have attached a patch. It adds new functions parse_ooaffentry() and > get_nextentry() and fixes a couple comments. I do not like this patch much. It is basically "let's stop using sscanf() because it seems to have a bug on one platform". There are at least two things wrong with that approach: 1. By my count there are about 80 uses of *scanf() in our code. Are we going to replace every one of them with hand-rolled code? If not, why is only this instance vulnerable? How can we know whether future uses will have a problem? 2. We're not being very good citizens of the software universe if we just install a hack in Postgres rather than nagging Apple to fix the bug at its true source. I think the appropriate next step to take is to dig into the OS X sources (see http://www.opensource.apple.com, I think probably the relevant code is in the Libc package) and identify exactly what is causing the misbehavior. That would both allow an informed answer to point #1 and greatly increase the odds of getting action on a bug report to Apple. Even if we end up applying this patch verbatim, I think we need that information first. regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers