base*_encode/decode functions should clear any unused portion of their target buffer.
For safety, it's not great to leave uninitialized data in a buffer.
Occasionally, this would pose a performance cost. But I maintain that mostly it won't, and we can improve the callsites where it would.