To Keep Things Simple, Buffers Are Always Larger Than Needed

Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. A malicious user exploiting this vulnerability would be able to do RSA key generation, signing, and verification on behalf of the smartphone owner.

Source: arstechnica.com
Source: securityintelligence.com