Diesel uses the sqlite3 value text function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding [SQLite](https://sqlite.org/c3ref/value blob.html) documentation that this function always returns a UTF-8 encoded string values as *const c char. Based on that we used str::from utf8 unchecked to construct a Rust string slice without any additional UTF-8 checks in place. It turned out that this function doesn't always return correct UTF-8 strings. For field of the SQLite side storage type BLOB this pointer can contain arbitrary bytes, which makes the usage of str::from utf8 unchecked unsound as this violates the safety contract of str to only contain valid UTF-8 encoded Strings.

The preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.

Diesel now correctly checks whether the provides byte buffer is actually valid UTF-8, instead of relying on SQLite's documentation. This fix is included in the 2.3.8 release.