Proof that professional programmers can be braindead
Well, not necessarily professional programmers, but you can't argue that OpenSSL or procmail aren't or haven't been heavily used programs.
Whilst reading reddit, I stumbled upon this link: cortesi - Reading Code: In praise of superficial beauty
It discusses the importance of superficially beautiful code, and also shows several examples of major products whose code is so bad that it might, at least in the case of OpenSSL, make you worried about your privacy.
If you read further on that link, you might see this link:
procmail.c
It is, hands down, the ugliest piece of code I have ever seen. I actually tried tracing through the code, but I went nowhere.
However, the first place of ........ups still goes to OpenSLL, for the if statement with 0 as a condition, and a goto label inside it, to guard the code inside it from ever getting executed unless you jump into it.
I guess there is one thing that is certain, though. No sane man would be able to actually derive any information from the OpenSSL code that could potentially expose vulnerabilities. If they're there, you'll have to fuzz them out. Code analysis won't do you good. It might send you to a mental health institution.