Index: ext/rtree/rtree.c
==================================================================
--- ext/rtree/rtree.c
+++ ext/rtree/rtree.c
@@ -632,10 +632,22 @@
     sqlite3_blob *pBlob = pRtree->pNodeBlob;
     pRtree->pNodeBlob = 0;
     sqlite3_blob_close(pBlob);
   }
 }
+
+/*
+** Check to see if pNode is the same as pParent or any of the parents
+** of pParent.
+*/
+static int nodeInParentChain(const RtreeNode *pNode, const RtreeNode *pParent){
+  do{
+    if( pNode==pParent ) return 1;
+    pParent = pParent->pParent;
+  }while( pParent );
+  return 0;
+}
 
 /*
 ** Obtain a reference to an r-tree node.
 */
 static int nodeAcquire(
@@ -651,10 +663,14 @@
   ** increase its reference count and return it.
   */
   if( (pNode = nodeHashLookup(pRtree, iNode))!=0 ){
     assert( !pParent || !pNode->pParent || pNode->pParent==pParent );
     if( pParent && !pNode->pParent ){
+      if( nodeInParentChain(pNode, pParent) ){
+        RTREE_IS_CORRUPT(pRtree);
+        return SQLITE_CORRUPT_VTAB;
+      }
       pParent->nRef++;
       pNode->pParent = pParent;
     }
     pNode->nRef++;
     *ppNode = pNode;
@@ -3223,11 +3239,11 @@
       rc2 = nodeRelease(pRtree, pLeaf);
       if( rc==SQLITE_OK ){
         rc = rc2;
       }
     }
-    if( pRtree->nAux ){
+    if( rc==SQLITE_OK && pRtree->nAux ){
       sqlite3_stmt *pUp = pRtree->pWriteAux;
       int jj;
       sqlite3_bind_int64(pUp, 1, *pRowid);
       for(jj=0; jj<pRtree->nAux; jj++){
         sqlite3_bind_value(pUp, jj+2, aData[pRtree->nDim2+3+jj]);

Index: ext/rtree/rtreefuzz001.test
==================================================================
--- ext/rtree/rtreefuzz001.test
+++ ext/rtree/rtreefuzz001.test
@@ -481,23 +481,23 @@
 |     96: 00 00 00 00 0d 00 00 00 04 0e 9c 00 0f ad 0f 4f   ...............O
 |    112: 0e fc 0e 9c 00 00 00 00 00 00 00 00 00 00 00 00   ................
 |   3728: 00 00 00 00 00 00 00 00 00 00 00 00 5e 04 07 17   ............^...
 |   3744: 1f 1f 01 81 0b 74 61 62 6c 65 74 31 5f 70 61 72   .....tablet1_par
 |   3760: 65 6e 74 74 31 5f 70 61 72 65 6e 74 04 43 52 45   entt1_parent.CRE
-|   3776: 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 70 61   ATE TABLE "t1_pa
-|   3792: 72 65 6e 74 22 28 6e 6f 64 65 6e 6f 20 49 4e 54   rent"(nodeno INT
+|   3776: 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 70 61   ATE TABLE .t1_pa
+|   3792: 72 65 6e 74 22 28 6e 6f 64 65 6e 6f 20 49 4e 54   rent.(nodeno INT
 |   3808: 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59   EGER PRIMARY KEY
 |   3824: 2c 70 61 72 65 6e 74 6e 6f 64 65 29 51 03 06 17   ,parentnode)Q...
 |   3840: 1b 1b 01 7b 74 61 62 6c 65 74 31 5f 6e 6f 64 65   ....tablet1_node
 |   3856: 74 31 5f 6e 6f 64 65 03 43 52 45 41 54 45 20 54   t1_node.CREATE T
-|   3872: 41 42 4c 45 20 22 74 31 5f 6e 6f 64 65 22 28 6e   ABLE "t1_node"(n
+|   3872: 41 42 4c 45 20 22 74 31 5f 6e 6f 64 65 22 28 6e   ABLE .t1_node.(n
 |   3888: 6f 64 65 6e 6f 20 49 4e 54 45 47 45 52 20 50 52   odeno INTEGER PR
-|   3904: 49 4d 41 52 59 20 4b 45 59 2c 64 61 74 61 29 5c   IMARY KEY,data)\
+|   3904: 49 4d 41 52 59 20 4b 45 59 2c 64 61 74 61 29 5c   IMARY KEY,data).
 |   3920: 02 07 17 1d 1d 01 81 0b 74 61 62 6c 65 74 31 5f   ........tablet1_
 |   3936: 72 6f 77 69 64 74 31 5f 72 6f 77 69 64 02 43 52   rowidt1_rowid.CR
-|   3952: 45 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 72   EATE TABLE "t1_r
-|   3968: 6f 77 69 64 22 28 72 6f 77 69 64 20 49 4e 54 45   owid"(rowid INTE
+|   3952: 45 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 72   EATE TABLE .t1_r
+|   3968: 6f 77 69 64 22 28 72 6f 77 69 64 20 49 4e 54 45   owid.(rowid INTE
 |   3984: 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 2c   GER PRIMARY KEY,
 |   4000: 6e 6f 64 65 6e 6f 2c 61 30 2c 61 31 29 51 01 07   nodeno,a0,a1)Q..
 |   4016: 17 11 11 08 81 0f 74 61 62 6c 65 74 31 74 31 43   ......tablet1t1C
 |   4032: 52 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41   REATE VIRTUAL TA
 |   4048: 42 4c 45 20 74 31 20 55 53 49 4e 47 20 72 74 72   BLE t1 USING rtr
@@ -558,16 +558,16 @@
       c1(x) AS (VALUES(0) UNION ALL SELECT x+1 FROM c1 WHERE x<99),
       c2(y) AS (VALUES(0) UNION ALL SELECT y+1 FROM c2 WHERE y<99)
     INSERT INTO t1(id, x0,x1,y0,y1,label)
       SELECT 1000+x+y*100, x, x+1, y, y+1, printf('box-%d,%d',x,y) FROM c1, c2;
   }
-} {1 {malformed database schema (?)}}
+} {1 {database disk image is malformed}}
 do_test rtreefuzz001-210 {
   catchsql {
     SELECT rtreecheck('t1');
   }
-} {1 {database disk image is malformed}}
+} {/1 .*corrupt.*/}
 
 do_test rtreefuzz001-300 {
   sqlite3 db {}
   db deserialize [decode_hexdb {
 | size 16384 pagesize 4096 filename c4.db
@@ -578,23 +578,23 @@
 |     96: 00 00 00 00 0d 00 00 00 04 0e 9c 00 0f ad 0f 4f   ...............O
 |    112: 0e fc 0e 9c 00 00 00 00 00 00 00 00 00 00 00 00   ................
 |   3728: 00 00 00 00 00 00 00 00 00 00 00 00 5e 04 07 17   ............^...
 |   3744: 1f 1f 01 81 0b 74 61 62 6c 65 74 31 5f 70 61 72   .....tablet1_par
 |   3760: 65 6e 74 74 31 5f 70 61 72 65 6e 74 04 43 52 45   entt1_parent.CRE
-|   3776: 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 70 61   ATE TABLE "t1_pa
-|   3792: 72 65 6e 74 22 28 6e 6f 64 65 6e 6f 20 49 4e 54   rent"(nodeno INT
+|   3776: 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 70 61   ATE TABLE .t1_pa
+|   3792: 72 65 6e 74 22 28 6e 6f 64 65 6e 6f 20 49 4e 54   rent.(nodeno INT
 |   3808: 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59   EGER PRIMARY KEY
 |   3824: 2c 70 61 72 65 6e 74 6e 6f 64 65 29 51 03 06 17   ,parentnode)Q...
 |   3840: 1b 1b 01 7b 74 61 62 6c 65 74 31 5f 6e 6f 64 65   ....tablet1_node
 |   3856: 74 31 5f 6e 6f 64 65 03 43 52 45 41 54 45 20 54   t1_node.CREATE T
-|   3872: 41 42 4c 45 20 22 74 31 5f 6e 6f 64 65 22 28 6e   ABLE "t1_node"(n
+|   3872: 41 42 4c 45 20 22 74 31 5f 6e 6f 64 65 22 28 6e   ABLE .t1_node.(n
 |   3888: 6f 64 65 6e 6f 20 49 4e 54 45 47 45 52 20 50 52   odeno INTEGER PR
-|   3904: 49 4d 41 52 59 20 4b 45 59 2c 64 61 74 61 29 5c   IMARY KEY,data)\
+|   3904: 49 4d 41 52 59 20 4b 45 59 2c 64 61 74 61 29 5c   IMARY KEY,data).
 |   3920: 02 07 17 1d 1d 01 81 0b 74 61 62 6c 65 74 31 5f   ........tablet1_
 |   3936: 72 6f 77 69 64 74 31 5f 72 6f 77 69 64 02 43 52   rowidt1_rowid.CR
-|   3952: 45 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 72   EATE TABLE "t1_r
-|   3968: 6f 77 69 64 22 28 72 6f 77 69 64 20 49 4e 54 45   owid"(rowid INTE
+|   3952: 45 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 72   EATE TABLE .t1_r
+|   3968: 6f 77 69 64 22 28 72 6f 77 69 64 20 49 4e 54 45   owid.(rowid INTE
 |   3984: 47 45 72 20 50 52 49 4d 41 52 59 20 4b 45 59 2c   GEr PRIMARY KEY,
 |   4000: 6e 6f 64 65 6e 6f 2c 61 30 2c 61 31 29 51 01 07   nodeno,a0,a1)Q..
 |   4016: 17 11 11 08 81 0f 74 61 62 6c 65 74 31 74 31 43   ......tablet1t1C
 |   4032: 52 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41   REATE VIRTUAL TA
 |   4048: 42 4c 45 20 74 31 20 55 53 49 4e 47 20 72 74 72   BLE t1 USING rtr
@@ -646,14 +646,14 @@
 |   3168: d0 90 50 00 91 d0 07 46 f7 02 06 56 46 76 51 00   ..P....F...VFvQ.
 |   3184: 80 50 00 92 30 06 26 f7 47 46 f6 d2 06 56 46 76   .P..0.&.GF...VFv
 |   3200: 50 f0 70 50 00 92 10 07 26 96 76 87 42 06 56 46   P.pP....&.v.B.VF
 |   3216: 76 50 e0 60 50 00 91 f0 06 c6 56 67 42 06 56 46   vP.`P.....VgB.VF
 |   3232: 76 50 b0 50 50 00 91 90 06 36 56 e7 46 57 21 70   vP.PP....6V.FW!p
-|   3248: 40 50 00 93 10 07 57 07 06 57 22 d7 26 96 76 87   @P....W..W".&.v.
+|   3248: 40 50 00 93 10 07 57 07 06 57 22 d7 26 96 76 87   @P....W..W..&.v.
 |   3264: 42 06 36 f7 26 e6 57 21 70 30 50 00 93 10 06 c6   B.6.&.W!p0P.....
-|   3280: f7 76 57 22 d7 26 96 76 87 42 06 36 f7 26 e6 57   .vW".&.v.B.6.&.W
-|   3296: 21 60 20 50 00 92 f0 07 57 07 06 57 22 d6 c6 56   !` P....W..W"..V
+|   3280: f7 76 57 22 d7 26 96 76 87 42 06 36 f7 26 e6 57   .vW..&.v.B.6.&.W
+|   3296: 21 60 20 50 00 92 f0 07 57 07 06 57 22 d6 c6 56   !` P....W..W...V
 |   3312: 60 00 00 c4 24 c0 00 04 2c 80 00 00 00 00 00 04   `...$...,.......
 |   3328: 2c 80 00 00 00 00 00 00 00 00 00 d0 00 00 00 04   ,...............
 |   3344: 2c 80 00 00 00 00 00 04 24 80 00 00 00 00 00 00   ,.......$.......
 |   3360: 00 00 00 e0 00 00 00 04 2c 80 00 04 24 c0 00 04   ........,...$...
 |   3376: 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ,...............
@@ -662,14 +662,116 @@
 | end c4.db
   }]
   catchsql {
     UPDATE t1 SET label='x';
   }
-} {1 {malformed database schema (?)}}
+} {1 {rtree constraint failed: t1.(y0<=y1)}}
 do_test rtreefuzz001-310 {
   catchsql {
     SELECT rtreecheck('t1');
   }
-} {1 {database disk image is malformed}}
+} {/1 .*corrupt.*/}
 
+do_test rtreefuzz001-400 {
+  sqlite3 db {}
+  db deserialize [decode_hexdb {
+| size 16384 pagesize 4096 filename c7.db
+| page 1 offset 0
+|      0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00   SQLite format 3.
+|     16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 04   .....@  ........
+|     32: 00 00 00 00 01 00 00 00 00 00 00 04 00 00 00 04   ................
+|     48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00   ................
+|     96: 00 00 00 00 0d 00 00 00 04 0e 9c 00 0f ad 0f 4f   ...............O
+|    112: 0e fc 0e 9c 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|   3728: 00 00 00 00 00 00 00 00 00 00 00 00 5e 04 07 17   ............^...
+|   3744: 1f 1f 01 81 0b 74 61 62 6c 65 74 31 5f 70 61 72   .....tablet1_par
+|   3760: 65 6e 74 74 31 5f 70 61 72 65 6e 74 04 43 52 45   entt1_parent.CRE
+|   3776: 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 70 61   ATE TABLE .t1_pa
+|   3792: 72 65 6e 74 22 28 6e 6f 64 65 6e 6f 20 49 4e 54   rent.(nodeno INT
+|   3808: 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59   EGER PRIMARY KEY
+|   3824: 2c 70 61 72 65 6e 74 6e 6f 64 65 29 51 03 06 17   ,parentnode)Q...
+|   3840: 1b 1b 01 7b 74 61 62 6c 65 74 31 5f 6e 6f 64 65   ....tablet1_node
+|   3856: 74 31 5f 6e 6f 64 65 03 43 52 45 41 54 45 20 54   t1_node.CREATE T
+|   3872: 41 42 4c 45 20 22 74 31 5f 6e 6f 64 65 22 28 6e   ABLE .t1_node.(n
+|   3888: 6f 64 65 6e 6f 20 49 4e 54 45 47 45 52 20 50 52   odeno INTEGER PR
+|   3904: 49 4d 41 52 59 20 4b 45 59 2c 64 61 74 61 29 5c   IMARY KEY,data).
+|   3920: 02 07 17 1d 1d 01 81 0b 74 61 62 6c 65 74 31 5f   ........tablet1_
+|   3936: 72 6f 77 69 64 74 31 5f 72 6f 77 69 64 02 43 52   rowidt1_rowid.CR
+|   3952: 45 41 54 45 20 54 41 42 4c 45 20 22 74 31 5f 72   EATE TABLE .t1_r
+|   3968: 6f 77 69 64 22 28 72 6f 77 69 64 20 49 4e 54 45   owid.(rowid INTE
+|   3984: 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 2c   GER PRIMARY KEY,
+|   4000: 6e 6f 64 65 6e 6f 2c 61 30 2c 61 31 29 51 01 07   nodeno,a0,a1)Q..
+|   4016: 17 11 11 08 81 0f 74 61 62 6c 65 74 31 74 31 43   ......tablet1t1C
+|   4032: 52 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41   REATE VIRTUAL TA
+|   4048: 42 4c 45 20 74 31 20 55 53 49 4e 47 20 72 74 72   BLE t1 USING rtr
+|   4064: 65 65 28 69 64 2c 78 30 2c 78 31 2c 79 30 2c 79   ee(id,x0,x1,y0,y
+|   4080: 31 2c 2b 6c 61 62 65 6c 2c 2b 6f 74 68 65 72 29   1,+label,+other)
+| page 2 offset 4096
+|      0: 0d 00 00 00 0e 0e f7 00 0f e8 0f d0 0f b7 0f 9e   ................
+|     16: 0f 91 0f 81 0f 70 0f 5e 0f 4f 0f 39 0f 29 0f 18   .....p.^.O.9.)..
+|     32: 0f 06 0e f7 00 00 00 00 00 00 00 00 00 00 00 00   ................
+|   3824: 00 00 00 00 00 00 00 0d 0e 05 00 09 1d 00 74 6f   ..............to
+|   3840: 70 20 68 61 6c 66 10 0d 05 00 09 23 00 62 6f 74   p half.....#.bot
+|   3856: 74 6f 6d 20 68 61 6c 66 0f 0c 05 00 09 21 00 72   tom half.....!.r
+|   3872: 69 67 68 74 20 68 61 6c 66 0e 0b 05 00 09 1f 00   ight half.......
+|   3888: 6c 65 66 74 20 68 61 6c 66 14 0a 05 00 09 2b 00   left half.....+.
+|   3904: 74 68 65 20 77 68 6f 6c 65 20 74 68 69 6e 67 0d   the whole thing.
+|   3920: 09 05 00 09 1d 00 74 6f 70 20 65 64 67 65 10 08   ......top edge..
+|   3936: 05 00 09 23 00 62 6f 74 74 6f 6d 20 65 64 67 65   ...#.bottom edge
+|   3952: 0f 07 05 00 09 21 00 72 69 67 68 74 20 65 64 67   .....!.right edg
+|   3968: 65 0e 06 05 00 09 1f 00 6c 65 66 74 20 65 64 67   e.......left edg
+|   3984: 65 0b 05 05 00 09 19 00 23 65 6e 74 65 72 17 04   e.......#enter..
+|   4000: 05 00 09 31 00 75 70 70 65 72 2d 72 69 67 68 74   ...1.upper-right
+|   4016: 20 63 6f 72 6e 65 72 17 03 05 00 09 31 00 6c 6f    corner.....1.lo
+|   4032: 77 65 72 2d 72 69 67 68 74 20 63 6f 72 6e 65 72   wer-right corner
+|   4048: 16 02 05 00 09 2f 00 75 70 70 65 72 2d 6c 65 66   ...../.upper-lef
+|   4064: 74 20 63 6f 72 6e 65 72 16 01 05 00 09 2f 00 6c   t corner...../.l
+|   4080: 6f 77 65 72 2d 6c 65 66 74 20 63 6f 72 6e 65 72   ower-left corner
+| page 3 offset 8192
+|      0: 0d 00 00 00 02 0b 2d 00 0b 2d 00 00 00 00 00 00   ......-..-......
+|   2848: 00 00 00 00 00 00 00 00 00 00 00 00 00 89 50 01   ..............P.
+|   2864: 04 00 93 24 00 00 00 00 00 00 00 00 08 00 00 00   ...$............
+|   2880: 00 42 c8 00 00 00 00 00 00 40 a0 00 00 00 00 00   .B.......@......
+|   2896: 00 00 00 00 42 c8 00 00 00 00 00 00 00 00 00 07   ....B...........
+|   2912: 42 be 00 00 42 c8 00 00 00 00 00 00 42 c8 00 00   B...B.......B...
+|   2928: 00 00 00 00 00 00 00 08 00 00 00 00 42 c8 00 00   ............B...
+|   2944: 00 00 00 00 40 a0 00 00 00 00 00 00 00 00 00 09   ....@...........
+|   2960: 00 00 00 00 42 c8 00 00 42 be 00 00 42 c8 00 00   ....B...B...B...
+|   2976: 00 00 00 00 00 00 00 0a 00 00 00 00 42 c8 00 00   ............B...
+|   2992: 00 00 00 00 42 c8 00 00 00 00 00 00 00 00 00 0b   ....B...........
+|   3008: 00 00 00 00 42 48 00 00 00 00 00 04 2c 80 00 00   ....BH......,...
+|   3024: 00 00 00 00 00 00 00 c4 00 00 00 00 00 42 c8 00   .............B..
+|   3040: 00 00 00 00 00 00 00 00 07 42 be 00 00 42 c8 00   .........B...B..
+|   3056: 00 00 00 00 00 42 c8 00 00 00 00 00 00 00 00 00   .....B..........
+|   3072: 08 00 00 00 00 42 c8 00 00 00 00 00 00 40 a0 00   .....B.......@..
+|   3088: 00 00 00 00 00 00 00 00 09 00 00 00 00 42 c8 00   .............B..
+|   3104: 00 42 be 00 00 42 c8 00 00 00 00 00 00 00 00 00   .B...B..........
+|   3120: 0a 00 00 00 00 42 c8 00 00 00 00 00 00 42 c8 00   .....B.......B..
+|   3136: 00 00 00 00 00 00 00 00 0b 00 00 00 00 42 48 00   .............BH.
+|   3152: 00 00 00 00 04 2c 80 00 00 00 00 00 00 00 00 00   .....,..........
+|   3168: c4 24 c0 00 04 2c 80 00 00 00 00 00 04 2c 80 00   .$...,.......,..
+|   3184: 00 00 00 00 00 00 00 00 d0 00 00 00 04 2c 80 00   .............,..
+|   3200: 00 00 00 00 04 24 80 00 00 00 00 00 00 00 00 00   .....$..........
+|   3216: e0 00 00 00 04 2c 80 00 04 24 c0 00 04 2c 00 00   .....,...$...,..
+| page 4 offset 12288
+|      0: 0d 00 00 00 00 10 00 00 00 00 00 00 0e 00 00 00   ................
+|     16: 00 42 c8 00 00 42 4c 00 00 42 c8 00 00 00 00 00   .B...BL..B......
+|     32: 00 00 00 0a 00 00 00 00 42 c8 00 00 00 00 00 00   ........B.......
+|     48: 42 c8 00 00 00 00 00 00 00 00 00 0b 00 00 00 00   B...............
+|     64: 42 48 00 00 00 00 00 04 2c 80 00 00 00 00 00 00   BH......,.......
+|     80: 00 00 00 c4 24 c0 00 04 2c 80 00 00 00 00 00 04   ....$...,.......
+|     96: 2c 80 00 00 00 00 00 00 00 00 00 d0 00 00 00 04   ,...............
+|    112: 2c 80 00 00 00 00 00 04 24 80 00 00 00 00 00 00   ,.......$.......
+|    128: 00 00 00 e0 00 00 00 04 2c 80 00 04 24 c0 00 04   ........,...$...
+|    144: 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ,...............
+| end c7.db
+  }]
+  catchsql {
+    WITH RECURSIVE
+      c1(x) AS (VALUES(0) UNION ALL SELECT x+1 FROM c1 WHERE x<8),
+      c2(y) AS (VALUES(0) UNION ALL SELECT y+1 FROM c2 WHERE y<5)
+    INSERT INTO t1(id, x0,x1,y0,y1,label)
+      SELECT 1000+x+y*100, x, x+1, y, y+1, printf('box-%d,%d',x,y) FROM c1, c2;
+  }
+} {1 {database disk image is malformed}}
 
 finish_test