Not verifying the parser seems like a pretty big oversight. Parsing binary formats is notoriously dangerous!