The mime analyzer has a lot of inconsistency issues and is broken in a few places.
mime_all_headers loops and could potentially be a bad idea. More prone to DoS as well. Delete it?
mime_all_data is probably also a bad idea. Especially for large files. Delete it?
mime_entity_data seems very similar to mime_all_data and is not chunked as the similarity to the http_entity_data would imply. The current mime_entity_data should be removed and the current mime_all_data should be renamed to mime_entity_data.
mime_next_entity is never generated by the core or policy scripts and should either be fixed or deleted.
mime_one_header should probably be renamed to mime_header for consistency.
I have no clue what mime_event is for. Is it necessary?
mime_content_hash gives a non printable hash value and it could be removed since hash generation is done in the script now and eventually will be done in the file analyzer.
The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of #ifdef DEBUG
mime_end_entity is generated generated multiple times in some cases when it shouldn't be. It's something to keep an eye out for, I never dug into it enough to find out what caused it.
It seems like the MIME analyzer should be doing this decoding for us directly.