Wouldn't go that far from reading a single commit, but to anyone looking to pick up tips from a well-known respected C codebase: don't ever write
(*(psz_text + 1 ) ) == '~'
when you can instead write
psz_text[1] == '~'
Fewer tokens means less overhead for the human reader, and that asterisk-and-add pattern is exactly what the bracket array indexing operator does, so why not use it? This is one of my many C pet peeves, heh.
Also on a more personal note, if you're going to be putting things inside parentheses with whitespace, make it symmetrical.
The main VLC developer is an amazing programmer. But if he uses his time to shave cycles off some SIMD decoding algorithm, then boring things like file processing are done by a random jr. developer.
The problem is that boring stuff can also be very security sensitive.
You are more than welcome to contribute, and since you have a very strong opinion it seems you know your stuff, so go for it; nobody is charging a dime to work there in any case.
FFmpeg, VLC, MPlayer, libdvd*, libxvid, x264, libflac, libvorbis and all the other multimedia libraries have codebases started in the late 90s/early 2000s. No one cared much about security at that time.
All those projects are under-funded, done by volunteers, on countless platforms, doing very low-level stuff, and supporting many formats.
This has nothing to do with one project or another.
Maybe we should stop random people from contributing to complex C projects?