This is the Heartbleed fix. Please tell me WHAT could go wrong with it. The code is quite straightforward.
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
Funnily enough, I kind of agree with your reasoning more in regards to the Apple SSL bug. That bug is very trivial, but it actually brings a functional change (a certain security check being ignored). So code originally created and tested against the tree with this bug could potentially have been broken when the bug was fixed (even though it's extremely unlikely). What is actually most scary in that story is that Apple apparently didn't have a unit test for that case, or that the compiler didn't catch and warn about unreachable code (or that the programmer didn't check the warning). However, all Heartbleed does is add an additional buffer overflow check. This change is so trivial that I simply can't see any issues with production code arising out of it, unless that production code would voluntarily cause buffer overflows.
Basically, while you are right theoretically, people update their code against such trivial fixes all the time without any issues.
I do agree that OpenSSL code is kind of... messy
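The kind of bounds check the comment above describes, as an added sketch that is not part of the original comment and not OpenSSL's code. It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); `hb_respond` and `try_record` are hypothetical names, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */
#define MAX_DEMO    64  /* largest payload the constructed samples carry */

/* Build a response for one received record (type | length | payload | padding).
 * Returns bytes written to out, or 0 when the record is silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    /* Check 1: the record must at least hold type + length + padding. */
    if (rec_len < 1 + 2 + HB_PADDING)
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];   /* sender-claimed length */
    /* Check 2: the claimed payload must fit in what was actually received.
     * Without it, the memcpy below would read past the end of rec. */
    if (1 + 2 + payload + HB_PADDING > rec_len)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;                      /* this sketch only answers requests */
    size_t need = 1 + 2 + payload + HB_PADDING;
    if (need > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);  /* a real stack uses random padding */
    return need;
}

/* Constructed sample: a request that carries `actual` payload bytes but
 * claims `claimed` bytes in its length field. */
size_t try_record(uint16_t claimed, size_t actual)
{
    uint8_t rec[3 + MAX_DEMO + HB_PADDING] =
        { HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff) };
    uint8_t out[3 + MAX_DEMO + HB_PADDING];
    if (actual > MAX_DEMO)
        return 0;
    memset(rec + 3, 'A', actual);
    return hb_respond(rec, 3 + actual + HB_PADDING, out, sizeof out);
}

int main(void)
{
    printf("honest length (5/5):     %zu bytes\n", try_record(5, 5));
    printf("inflated length (0x4000): %zu bytes\n", try_record(0x4000, 5));
    return 0;
}
```

Records whose length field matches what was sent get the same response they always did; only records that claim more payload than they carry are dropped.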
----------
There are a bunch of package managers for OS X, such as Homebrew and MacPorts. Not to mention Apple's own softwareupdate tool and App Store.
That said, I already had a case where apt-get upgrade killed my installation.