Ecrecover can return a random address


Regarding the ecrecover function, the following article raised an attack vector that I wanted to know if this has ever happened? Is there an example of it? If not, is there a non-fuzzing way to show it?

In some cases ecrecover can return a random address instead of 0 for an invalid signature. This is prevented above by the owner address inside the typed data.

The next question is whether this is also true for ECDSA.recover? If not, where in the OZ library can it be prevented?

Thank you