Maybe unsound in db_version::next_db_version

[lwz23]

hello, thank you for your contribution in this project, I am scanning the unsoundness problem in rust project.
I notice the following code:

pub fn next_db_version(
    db: *mut sqlite3,
    ext_data: *mut crsql_ExtData,
    merging_version: Option<i64>,
) -> Result<i64, String> {
    fill_db_version_if_needed(db, ext_data)?;

    let mut ret = unsafe { (*ext_data).dbVersion + 1 };
    if ret < unsafe { (*ext_data).pendingDbVersion } {
        ret = unsafe { (*ext_data).pendingDbVersion };
    }
    if let Some(merging_version) = merging_version {
        if ret < merging_version {
            ret = merging_version;
        }
    }
    unsafe {
        (*ext_data).pendingDbVersion = ret;
    }
    Ok(ret)
}

Considering pub mod db_version in #[cfg(feature = "test")] situation and this is a pub function, I assume user can directly call to this function, if it's this case , I think there may exist a unsound problem in this code, eg. maybe ext_data is null? It will lead to UB. I suggest mark this function as unsafe or add additional check to varify the pointer. I chose to report this issue for security reasons, but don't mind if the function is not intended for external use and should be marked as pub(crate), or if this is an error report and there is actually no unsound problem.

[lwz23]

same for fetch_db_version_from_storage

libsql/libsql-sqlite3/ext/crr/rs/core/src/db_version.rs

Line 98 in 0c5b83f

let schema_changed = if (*ext_data).pDbVersionStmt == ptr::null_mut() {