The following code crashes with "AddressSanitizer: attempting free on address which was not malloc()-ed" in the sqlite3_prepare_v2 call. In different contexts it may also crash with a global stack underflow.

#include "sqlite3.h"

int main() {
    sqlite3 *db;
    sqlite3_open(":memory:", &db);
    sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 0);

    sqlite3_stmt *stmt;
    sqlite3_prepare_v2(db, "SELECT foo", 11, &stmt, 0);

    sqlite3_finalize(stmt);
    sqlite3_close(db);
}

Setting SQLITE_LIMIT_LENGTH to 0 doesn't make sense of course but perhaps this should be safeguarded, i.e. under the SQLITE_ENABLE_API_ARMOR flag.