rand: add a clang-analyzer work-around

scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.

diff --git a/lib/rand.c b/lib/rand.c
index 2670af9d97b72ef4e6e8c1d2d9c1d7cbad7f1ed2..0769ed15128074e46c353c62cb4f7a70ab14d036 100644 (file)
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -157,6 +157,12 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
   unsigned char *bufp = buffer;
   DEBUGASSERT(num > 1);
 
+#ifdef __clang_analyzer__
+  /* This silences a scan-build warning about accesssing this buffer with
+     uninitialized memory. */
+  memset(buffer, 0, sizeof(buffer));
+#endif
+
   if((num/2 >= sizeof(buffer)) || !(num&1))
     /* make sure it fits in the local buffer and that it is an odd number! */
     return CURLE_BAD_FUNCTION_ARGUMENT;