TL;DR: if you have an open-source codec and are interested in me adding SAL annotations, let me know.
Sorry, this is borderline off-topic, but I think (/ hope) people will be interested…
Microsoft has something called Source-code Annotation Language, which is basically a set of annotations you add to an API to help their static analyzer figure out WTF the code is doing so they can do a better job of catching mistakes. It's not very commonly used (at least outside of Windows drivers), but I love the idea and it does catch bugs.
One of the big problems with SAL, IMHO, has been that it doesn't work with other compilers. I don't just mean that the compiler doesn't know what they are and silently ignores them, but that the code simply doesn't build without a header which is only included on relatively recent versions of MSVC. A while back I put together a quick project (single header) called Salieri to make the annotations invisible to non-MSVC compilers so you can safely use them on portable projects, but I haven't really played with SAL since then… I'd like to change that.
I figure if I'm going to add annotations to a project it may as well be one which is interested in integrating the changes into the official repo, so if that sounds like you please let me know. It would basically mean adding a single header file (salieri.h) to the project, and adding annotations to a bunch of functions. The SAL link above shows what those annotations look like (a bit ugly, yes, but IMHO well worth it). I'd also suggest an AppVeyor build with the /analyze flag.
To be clear, SAL isn't only about catching bugs in the compression codec. If you export an API with SAL annototions, people using MSVC + /analyze may also be able to find errors in code which interacts with your API, so even if you have very well-tested and fuzzed code there is some benefit.