I think for libraries that MUST parse untrusted input (e.g. compression libraries, AV scanners, email clients, web clients, etc.) to be of any use, or are commonly used to process untrusted input this makes sense. At a minimum the crash indicates the system can't process/scan/etc and it may fail open (pass it through), or end up in a DoS situation. Either way I expect things like gzip/tar to never puke.