Irony would be such a patch leaking information about the state of any random number generator leading to more easily guessable session keys or the like.
(Of course, creating suitable fake data with a separate PRNG to avoid this would be pretty easy.)
Has anyone already made a patch for this bug, where the lib returns random data instead of actual heap chunks?