Thanks for keeping an eye out for bugs and vulnerabilities. And please do not let the following explanation discourage such efforts. We do not consider it a problem when somebody who builds the SQLite library has the power to sabotage their results. The tool is normally used from a process governed by a Makefile and gets sensible arguments. That it might do something bizarre when invoked bizarrely is of no consequence to the project. And, as Richard mentioned elsewhere today, the tool is not authored as part of the project; it is merely reused from an outside source. So it is not the project's concern.