theft_random_bits_bulk isn't zeroing buffer

[dcreager]

The docs for theft_random_bits_bulk say that it will zero the buffer before filling in the random data that comes out of the PRNG, but it doesn't look like that is happening. The data is ORed into the buffer:

https://github.com/silentbicycle/theft/blob/62e093d9e33bb4218736dce2535eedda2904b8ba/src/theft_random.c#L75

but I don't see anywhere that's zeroing the buffer first. (:tophat: to valgrind tracking undefined data values for catching this!)

I can work around this with a memset before calling theft_random_bits_bulk, but wanted to report it upstream too!

[silentbicycle]

Thanks for reporting this, it will be fixed in the next release.