On Tue, 18 Oct 2022 22:57:23 +0200, Stefan Sperling wrote:
> So this struct provides offsets into another buffer, where the
> actual tree data is stored. This tree buffer itself is still
> allocated and freed each time.
> Each time we parse a new tree, all fields of above struct will be
> rewritten, up to as many entries as the newly parsed tree contains.
> If the allocation is larger, the remaining entries will contain
> pointers into tree buffers which have been freed, and callers
> know not to look at entries beyond the number of valid entries.
> Could such pointers be abused? If so, I could simply NULL them out
> before returning from the parser.
OK, so nothing should rely on the fields being zeroed. I think it
is fine as-is then.
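The reuse pattern discussed above, as an added illustration rather than code from got or from this thread: a parser that reuses its entries array across trees and takes the defensive step Stefan mentions, clearing the entries beyond nentries so no pointer into an already freed tree buffer survives. The names (tree_entry, parsed_tree, parse_tree) and the toy NUL-separated format are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, not got's own structures: each entry records
 * where a name starts inside the caller-owned tree buffer. */
struct tree_entry {
	const char *name;	/* points into the current tree buffer */
	size_t namelen;
};
struct parsed_tree {
	struct tree_entry *entries;
	size_t nentries;	/* entries valid after the last parse */
	size_t nalloc;		/* allocated entries, may exceed nentries */
};

/* Parse a toy format (NUL-separated names in buf[0..len)) into a
 * parsed_tree whose entries array is reused across calls. Only
 * entries[0..nentries) are valid; leftovers from a larger earlier
 * tree are cleared so no pointer into a freed buffer survives.
 * Returns 0, or -1 if growing the array fails. */
int
parse_tree(struct parsed_tree *tree, const char *buf, size_t len)
{
	size_t i, n = 0;

	tree->nentries = 0;
	for (i = 0; i < len; ) {
		const char *nul = memchr(buf + i, '\0', len - i);
		size_t namelen = nul ? (size_t)(nul - (buf + i)) : len - i;
		if (n == tree->nalloc) {
			size_t nalloc = tree->nalloc ? tree->nalloc * 2 : 4;
			struct tree_entry *p = realloc(tree->entries, nalloc * sizeof(*p));
			if (p == NULL)
				return -1;
			tree->entries = p;
			tree->nalloc = nalloc;
		}
		tree->entries[n].name = buf + i;
		tree->entries[n].namelen = namelen;
		n++;
		i += namelen + 1;
	}
	tree->nentries = n;
	/* Clear stale entries left over from a previous, larger tree. */
	for (i = n; i < tree->nalloc; i++) {
		tree->entries[i].name = NULL;
		tree->entries[i].namelen = 0;
	}
	return 0;
}
```

Callers that respect nentries never see the cleared slots; the clearing only matters if a caller ever reads past the valid count by mistake.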