Pointer arithmetic is C's defining feature and its defining danger: array indexing, string handling, and every buffer-overflow CVE are the same mechanism. The Linux kernel and SQLite walk buffers with pointers exactly as you do here, and understanding the ptr+1-scales-by-sizeof rule is what makes reading their source possible.