There is a very minor opportunity for NULL dereference in compile.c. compiler_subdict() does not check the return value of get_const_value(), which could be NULL. This was found by Kirit Sankar Gupta.
This is not a security issue in practice, since compiler_subdict() calls are_all_items_const() before it gets to the call, so the condition which triggers get_const_value() to return NULL will never happen (i.e. the default: clause of get_const_value()). Still, it can't hurt to be more correct in case the conditions which are implicitly assumed could change. Plus the fix is super easy, so why not do it?