diff --git a/README b/README
index 8ec32db..e5f0d25 100644
--- a/README
+++ b/README
@@ -18,7 +18,7 @@ LEAKS
 TODO
- * headers table needs length fields
+ * headers table needs length fields
 * implement tests
 * integrations with tinyproxy..?
diff --git a/tinyparser b/tinyparser
index 29d6abb..38dc33e 100755
Binary files a/tinyparser and b/tinyparser differ
diff --git a/tinyparser.c b/tinyparser.c
index 3a3df00..09a0379 100644
--- a/tinyparser.c
+++ b/tinyparser.c
@@ -44,7 +44,7 @@ int parse_header(char *offset, int len) {
 char *cursor_lim = offset+len;
 // header title
- char *htitle_lim = strchr(offset, ':');
+ char *htitle_lim = strchr(cursor, ':');
 if (!htitle_lim) {
 return -1;
 }
@@ -62,8 +62,17 @@ int parse_header(char *offset, int len) {
 cursor += diff;
 // white space and seperators
- while (*cursor == ':' || *cursor == ' ') {
+_loop:
+ if (cursor > cursor_lim) {
+ return -1;
+ }
+ if (*cursor == ':') {
+ cursor++;
+ goto _loop;
+ }
+ if (*cursor == ' ') {
 cursor++;
+ goto _loop;
 }
 // header value
@@ -86,6 +95,9 @@ int parse_title(char *offset, int len) {
 if (!method_lim) {
 return -1;
 }
+ if (method_lim > cursor_lim) {
+ return -1;
+ }
 diff = method_lim-cursor;
 ret = streencmp(method_tree, cursor, diff);
@@ -97,8 +109,13 @@ int parse_title(char *offset, int len) {
 cursor += diff;
 // white space
- while (*cursor == ' ') {
+_loop1:
+ if (cursor > cursor_lim) {
+ return -1;
+ }
+ if (*cursor == ' ') {
 cursor++;
+ goto _loop1;
 }
 // uri
@@ -106,6 +123,9 @@ int parse_title(char *offset, int len) {
 if (!uri_lim) {
 return -1;
 }
+ if (uri_lim > cursor_lim) {
+ return -1;
+ }
 diff = uri_lim-cursor;
 uri = cursor;
@@ -114,8 +134,13 @@ int parse_title(char *offset, int len) {
 cursor += diff;
 // white space
- while (*cursor == ' ') {
+_loop2:
+ if (cursor > cursor_lim) {
+ return -1;
+ }
+ if (*cursor == ' ') {
 cursor++;
+ goto _loop2;
 }
 // ver
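Review bot: In the first parse_header hunk, `strchr(cursor, ':')` is not limited by `len`: it scans up to the next NUL, and `htitle_lim` is only tested for NULL here, never against `cursor_lim`. This commit adds `method_lim > cursor_lim` and `uri_lim > cursor_lim` checks to parse_title, so parse_header looks inconsistent unless an equivalent comparison sits below the hunk. A bounded search removes the over-read and makes the later comparison unnecessary: `char *htitle_lim = memchr(cursor, ':', (size_t)(cursor_lim - cursor));`. The parse_title checks at -86 and -106 run only after their own search has finished, so the same replacement presumably applies there. The declaration of `cursor` and the rest of parse_header are outside the hunk.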
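Review bot: The new guard `if (cursor > cursor_lim)` at `_loop:` still lets `cursor == cursor_lim` through, and the next statement reads `*cursor`. With `cursor_lim = offset+len` that is one byte past the span the caller passed in, so the comparison should be `>=`. `_loop1:` and `_loop2:` in parse_title carry the same comparison. The label-and-goto form can also return to a loop with the bound in its condition, `while (cursor < cursor_lim && (*cursor == ':' || *cursor == ' ')) cursor++;` followed by `if (cursor >= cursor_lim) return -1;`. Whether an empty value at the limit should be an error depends on code below the hunk.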
@@ -160,9 +185,9 @@ int parse_request(char *buffer) {
 void debug_stats(void) {
 fprintf(stderr, "\tstats:\n"
- "\t\tmethod: %d\n"
- "\t\turi : %.*s\n"
- "\t\tver : %.*s\n",
+ "\t\tmethod\t: %d\n"
+ "\t\turi\t: %.*s\n"
+ "\t\tver\t: %.*s\n",
 method, uri_len, uri, ver_len, ver
 );
@@ -173,7 +198,7 @@ void debug_stats(void) {
 continue;
 }
- fprintf(stdout, "\t\t%d: %.*s\n", i, pnt->len, pnt->er);
+ fprintf(stdout, "\t\t%d\t: %.*s\n", i, pnt->len, pnt->er);
 }
 }
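Review bot: In the second debug_stats hunk the per-header line is written to `stdout` while the summary block above it goes to `stderr`, so a redirected run splits one report across two streams. The reworded line could use the same stream: `fprintf(stderr, "\t\t%d\t: %.*s\n", i, pnt->len, pnt->er);`. `%.*s` takes an `int` precision, so if `pnt->len` has another type (its declaration is not in the hunk) it needs a cast. The printed bytes appear to come straight from the parsed request, so control characters should be escaped before they reach a terminal or log. The loop enclosing this line starts outside the hunk.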