Index: src/pager.c
==================================================================
--- src/pager.c
+++ src/pager.c
@@ -5364,18 +5364,14 @@
   int rc = SQLITE_OK;
   PgHdr *pPg;
   u8 noContent;                   /* True if PAGER_GET_NOCONTENT is set */
   sqlite3_pcache_page *pBase;
 
-  if( pgno==0 ){
-    return SQLITE_CORRUPT_BKPT;
-  }
   assert( pPager->errCode==SQLITE_OK );
   assert( pPager->eState>=PAGER_READER );
   assert( assert_pager_state(pPager) );
   assert( pPager->hasHeldSharedLock==1 );
-
 
   pBase = sqlite3PcacheFetch(pPager->pPCache, pgno, 3);
   if( pBase==0 ){
     pPg = 0;
     rc = sqlite3PcacheFetchStress(pPager->pPCache, pgno, &pBase);
@@ -5397,20 +5393,22 @@
     pPager->aStat[PAGER_STAT_HIT]++;
     return SQLITE_OK;
 
   }else{
     /* The pager cache has created a new page. Its content needs to 
-    ** be initialized.  */
-
-    pPg->pPager = pPager;
-
-    /* The maximum page number is 2^31. Return SQLITE_CORRUPT if a page
-    ** number greater than this, or the unused locking-page, is requested. */
-    if( pgno>PAGER_MAX_PGNO || pgno==PAGER_MJ_PGNO(pPager) ){
+    ** be initialized. But first some error checks:
+    **
+    ** (1) Minimum page number is 1
+    ** (2) The maximum page number is 2^31
+    ** (3) Never try to fetch the locking page
+    */
+    if( pgno==0 || pgno>PAGER_MAX_PGNO || pgno==PAGER_MJ_PGNO(pPager) ){
       rc = SQLITE_CORRUPT_BKPT;
       goto pager_acquire_err;
     }
+
+    pPg->pPager = pPager;
 
     assert( !isOpen(pPager->fd) || !MEMDB );
     noContent = (flags & PAGER_GET_NOCONTENT)!=0;
     if( !isOpen(pPager->fd) || pPager->dbSize<pgno || noContent ){
       if( pgno>pPager->mxPgno ){

Index: src/pcache.c
==================================================================
--- src/pcache.c
+++ src/pcache.c
@@ -106,11 +106,11 @@
 */
 #if SQLITE_DEBUG
 int sqlite3PcachePageSanity(PgHdr *pPg){
   PCache *pCache;
   assert( pPg!=0 );
-  assert( pPg->pgno>0 );    /* Page number is 1 or more */
+  assert( pPg->pgno>0 || pPg->pPager==0 );    /* Page number is 1 or more */
   pCache = pPg->pCache;
   assert( pCache!=0 );      /* Every page has an associated PCache */
   if( pPg->flags & PGHDR_CLEAN ){
     assert( (pPg->flags & PGHDR_DIRTY)==0 );/* Cannot be both CLEAN and DIRTY */
     assert( pCache->pDirty!=pPg );          /* CLEAN pages not on dirty list */
@@ -370,11 +370,10 @@
   sqlite3_pcache_page *pRes;
 
   assert( pCache!=0 );
   assert( pCache->pCache!=0 );
   assert( createFlag==3 || createFlag==0 );
-  assert( pgno>0 );
   assert( pCache->eCreate==((pCache->bPurgeable && pCache->pDirty) ? 1 : 2) );
 
   /* eCreate defines what to do if the page does not exist.
   **    0     Do not allocate a new page.  (createFlag==0)
   **    1     Allocate a new page if doing so is inexpensive.