From 02f207a76b45129e4d033c099e6d17581801c76e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 Dec 2017 00:45:42 +0100
Subject: [PATCH] rand: add a clang-analyzer work-around

scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.
---
 lib/rand.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/rand.c b/lib/rand.c
index 2670af9d9..0769ed151 100644
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -157,6 +157,12 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
   unsigned char *bufp = buffer;
   DEBUGASSERT(num > 1);
 
+#ifdef __clang_analyzer__
+  /* This silences a scan-build warning about accesssing this buffer with
+     uninitialized memory. */
+  memset(buffer, 0, sizeof(buffer));
+#endif
+
   if((num/2 >= sizeof(buffer)) || !(num&1))
     /* make sure it fits in the local buffer and that it is an odd number! */
     return CURLE_BAD_FUNCTION_ARGUMENT;