SQLite Forum

IS NULL optimization on NOT NULL constraints breaks on corrupted databases
Login
No, sqlite3_get_table() will not invoke the callback after hitting an OOM.
So that particular failure mode will not happen with sqlite3_get_table().
If one of the pazResult[] items passed into sqlite3_get_table() is NULL, that
means the value really is NULL.  Or, at least that is what it appears to me,
assuming I didn't overlook something.

Even so, applications should not rely on a NOT NULL constraint in the schema
to ensure that a pazResult[] value is never NULL.  An attacker might change the
schema of the database, without the application knowing it, to remove the
NOT NULL constraint, for example.  It does not require a corrupt database
to cause the problems in GDAL - just a database with a maliciously modified
schema.