The NULL dereference happens if sqlite3_initialize fails. In the context of sqlite3MemdbInit at least this will never happen, because sqlite3MemdbInit is only called by sqlite3_initialize (and recursive/subsequent calls to sqlite3_initialize are no-ops). The most recent copy of the sqlite3 source I have on hand doesn't include sqlite3_appendvfs_init so I can't check whether that one is in a similar situation :) I haven't analysed timeOfDay for the same reason, although it does seem like it's worth accounting for sqlite3_vfs_find(0) returning NULL in this context even if it's not currently called without a successful sqlite3_initialize.