This check flags all pseudo-random number engines and engine adaptors instantiations when it initialized or seeded with default argument or a constant expression. Pseudo-random number engines seeded with a predictable value may cause vulnerabilities e.g. in security protocols.
This is a CERT security rule, see MSC51-CPP.
Example:
void foo() { std::mt19937 engine1; // Bad, always generate the same sequence std::mt19937 engine2(1); // Bad engine1.seed(); // Bad engine2.seed(1); // Bad std::time_t t; engine1.seed(std::time(&t)); // Bad, system time might be controlled by user std::random_device dev; std::mt19937 engine3(dev()); // Good }
This change looks unrelated to the patch.