sqlite3_str_finish —
Finalize A Dynamic String
char *
sqlite3_str_finish(sqlite3_str*);
The sqlite3_str_finish(X) interface destroys the sqlite3_str object X and
  returns a pointer to a memory buffer obtained from sqlite3_malloc64() that
  contains the constructed string. The calling application should pass the
  returned value to sqlite3_free() to avoid a memory leak. The
  sqlite3_str_finish(X) interface may return a NULL pointer if any errors were
  encountered during construction of the string. The sqlite3_str_finish(X)
  interface will also return a NULL pointer if the string in sqlite3_str object
  X is zero bytes long.