Index: src/pager.c
==================================================================
--- src/pager.c
+++ src/pager.c
@@ -5374,11 +5374,15 @@
   assert( pPager->hasHeldSharedLock==1 );
 
   pBase = sqlite3PcacheFetch(pPager->pPCache, pgno, 3);
   if( pBase==0 ){
     pPg = 0;
-    rc = sqlite3PcacheFetchStress(pPager->pPCache, pgno, &pBase);
+    if( pgno==0 ){
+      rc = SQLITE_CORRUPT_BKPT;
+    }else{
+      rc = sqlite3PcacheFetchStress(pPager->pPCache, pgno, &pBase);
+    }
     if( rc!=SQLITE_OK ) goto pager_acquire_err;
     if( pBase==0 ){
       rc = SQLITE_NOMEM_BKPT;
       goto pager_acquire_err;
     }
@@ -5398,15 +5402,15 @@
 
   }else{
     /* The pager cache has created a new page. Its content needs to 
     ** be initialized. But first some error checks:
     **
-    ** (1) Minimum page number is 1
-    ** (2) The maximum page number is 2^31
-    ** (3) Never try to fetch the locking page
+    ** (1) The maximum page number is 2^31
+    ** (2) Never try to fetch the locking page
     */
-    if( pgno==0 || pgno>PAGER_MAX_PGNO || pgno==PAGER_MJ_PGNO(pPager) ){
+    assert( pgno>0 );
+    if( pgno>PAGER_MAX_PGNO || pgno==PAGER_MJ_PGNO(pPager) ){
       rc = SQLITE_CORRUPT_BKPT;
       goto pager_acquire_err;
     }
 
     pPg->pPager = pPager;

Index: src/pcache1.c
==================================================================
--- src/pcache1.c
+++ src/pcache1.c
@@ -995,11 +995,11 @@
     if( !pPage->isPinned ){
       return pcache1PinPage(pPage);
     }else{
       return pPage;
     }
-  }else if( createFlag ){
+  }else if( createFlag && iKey ){
     /* Steps 3, 4, and 5 implemented by this subroutine */
     return pcache1FetchStage2(pCache, iKey, createFlag);
   }else{
     return 0;
   }