In extensions rtree, fts3 and fts5, ensure that when dynamic buffers are bound

to persistent SQL statements using SQLITE_STATIC, the binding is replaced with
an SQL NULL before the buffer is freed. Otherwise, a user may obtain a pointer
to the persistent statement using sqlite3_next_stmt() and attempt to access
the freed buffer using sqlite3_expanded_sql() or similar.

FossilOrigin-Name: 2a5f813bc61f9e780f2ccbda425611f65ad523b6d486a1e5e2b9d5e9f1d260a2

ext/rtree/rtree.c

@@ -785,6 +785,7 @@ static int nodeWrite(Rtree *pRtree, RtreeNode *pNode){
     sqlite3_step(p);
     pNode->isDirty = 0;
     rc = sqlite3_reset(p);
+    sqlite3_bind_null(p, 2);
     if( pNode->iNode==0 && rc==SQLITE_OK ){
       pNode->iNode = sqlite3_last_insert_rowid(pRtree->db);
       nodeHashInsert(pRtree, pNode);

ext/rtree/rtree1.test

@@ -609,4 +609,5 @@ do_execsql_test 15.2 {
   COMMIT;
 }
 
+expand_all_sql db
 finish_test

ext/rtree/rtree4.test

@@ -250,4 +250,5 @@ for {set nDim 1} {$nDim<=5} {incr nDim} {
   do_rtree_integrity_test rtree4-$nDim.3 rx
 }
 
+expand_all_sql db
 finish_test

ext/rtree/rtree5.test

@@ -79,4 +79,5 @@ do_test rtree5-1.13 {
 } {2 2147483643 2147483647 -2147483648 -2147483643}
 do_rtree_integrity_test rtree5-1.14 t1
 
+expand_all_sql db
 finish_test

ext/rtree/rtree6.test

@@ -158,5 +158,5 @@ do_execsql_test rtree6-3.5 {
     x1>0.5 AND x1>0.5 AND x1>0.5 AND x1>0.5 AND x1>1.1
 } {}
 
-
+expand_all_sql db
 finish_test

ext/rtree/rtreeG.test

@@ -59,6 +59,7 @@ do_test rtreeG-1.4log {
   set ::log
 } {}
 
+expand_all_sql db
 db close
 sqlite3_shutdown
 test_sqlite3_log