The REPLACE statement is able to put a NULL value into a NOT NULL column.
If the DEFAULT value for a NOT NULL column is NULL, and if you try to insert a NULL,
then the inserted NULL is detected and the "REPLACE" algorithm kicks in and
substitutes the default value. But if the default is also NULL, the second
NULL is never detected. For example:
CREATE TABLE t1(x NOT NULL DEFAULT NULL);
REPLACE INTO t1 DEFAULT VALUES;
SELECT quote(x) FROM t1;
This bug has existed in the code since before SQLite version 3.1.0 (2005-01-21).
The problem was detected by the Chromium developers using a fuzzer.