> the code is full of weaknesses, like no NULL checks

NULL checks for what? It's encoding binary, so there is no need to worry about NULL-terminated strings. The only possible NULLs are the state pointer, the source pointer, or the target pointer. Sure, you could make a version of the code that adds those checks, but particularly given the context of the problem, those checks would be superfluous. As an example, look at the b64enc.c program and tell me how a NULL check would avoid a possible problem in the code.

> one endless loop based on pointer arithmetic

It's not an endless loop, and actually that's part of their formal proof. It ends when they reach the end of their input, which is provably true, even if your memory model allows a buffer's allocation addresses to overflow (e.g. a buffer that might start at 0xfe and finish at 0x10).

> good and fast c code looks not like this.

I'm not sure that you're a good judge of that. For example, the "endless loop" & switch statement that you refer to is actually a very standard approach to implementing a state machine in C. You'll find the moral equivalent of that code in a lot of parsers. Minus the formal proof, this actually looks like very standard code with a lot of very common C idioms.
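The loop shape argued about above, as an added example that is not part of the comment and is not the code under discussion: a base64 encoder written as `for (;;)` plus `switch`, whose only exit is the `in == end` equality test. The names `enc_state`, `enc_block`, `enc_end` and `encode_split` are hypothetical, and the caller is assumed to supply an output buffer of at least 4*ceil(len/3)+1 bytes.

```c
#include <stddef.h>
#include <string.h>
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
enum step { STEP_A, STEP_B, STEP_C };   /* position inside the current 3-byte group */
struct enc_state { enum step step; unsigned char carry; };   /* hypothetical names */
/* Encode len bytes from in; st keeps leftover bits between calls. Returns chars written. */
size_t enc_block(struct enc_state *st, const unsigned char *in, size_t len, char *out)
{
    const unsigned char *end = in + len;    /* one past the last input byte */
    char *o = out;
    for (;;) {                              /* the "endless" loop */
        if (in == end) return (size_t)(o - out);   /* only exit: input exhausted */
        unsigned char c = *in++;            /* end - in shrinks by one per iteration */
        switch (st->step) {
        case STEP_A:
            *o++ = B64[c >> 2];
            st->carry = (unsigned char)((c & 0x03) << 4);
            st->step = STEP_B; break;
        case STEP_B:
            *o++ = B64[st->carry | (c >> 4)];
            st->carry = (unsigned char)((c & 0x0f) << 2);
            st->step = STEP_C; break;
        case STEP_C:
            *o++ = B64[st->carry | (c >> 6)]; *o++ = B64[c & 0x3f];
            st->step = STEP_A; break;
        }
    }
}

/* Flush leftover bits and '=' padding, NUL-terminate. Returns chars written, NUL excluded. */
size_t enc_end(struct enc_state *st, char *out)
{
    size_t n = 0;
    if (st->step != STEP_A) {
        out[n++] = B64[st->carry]; out[n++] = '=';
        if (st->step == STEP_B) out[n++] = '=';
    }
    out[n] = '\0';
    return n;
}

/* Encode src in two calls cut at `split`, to show the state surviving across calls. */
size_t encode_split(const unsigned char *src, size_t len, size_t split, char *dst)
{
    struct enc_state st = { STEP_A, 0 };
    if (split > len) split = len;
    size_t n = enc_block(&st, src, split, dst);
    n += enc_block(&st, src + split, len - split, dst + n);
    return n + enc_end(&st, dst + n);
}
```

Each pass through the loop either returns or consumes exactly one input byte, so the number of iterations is bounded by `len` no matter where the buffer sits in memory.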