diff --git a/manifest b/manifest
index e812435a9f..09e5894d54 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Have\ssqlite3pager_get()\sreturn\sSQLITE_CORRUPT\sfor\sa\spage\snumber\sgreater\sthan\s2^31.\s(CVS\s2222)
-D 2005-01-17T01:33:14
+C Change\ssome\sassert()s\sthat\scould\sfail\sif\sthe\sdatabase\sis\scorrupt\sto\sreturn\sSQLITE_CORRUPT\sinstead.\s(CVS\s2223)
+D 2005-01-17T02:12:19
 F Makefile.in 78d6d0af3725aef32468ac9923444d7645d21a28
 F Makefile.linux-gcc a9e5a0d309fa7c38e7c14d3ecf7690879d3a5457
 F README a01693e454a00cc117967e3f9fdab2d4d52e9bc1
@@ -29,7 +29,7 @@ F sqlite3.def dbaeb20c153e1d366e8f421b55a573f5dfc00863
 F sqlite3.pc.in 985b9bf34192a549d7d370e0f0b6b34a4f61369a
 F src/attach.c e49d09dad9f5f9fb10b4b0c1be5a70ae4c45e689
 F src/auth.c 3b81f2a42f48a62c2c9c9b0eda31a157c681edea
-F src/btree.c 5fcaa2386570d2c905c57ffa13651203950ce33c
+F src/btree.c da5adfeb27e7236e6e3a0a4f42de2caef0e9ad13
 F src/btree.h 74d19cf40ab49fd69abe9e4e12a6c321ad86c497
 F src/build.c af1296e8a21a406b4f4c4f1e1365e075071219f3
 F src/cursor.c f883813759742068890b1f699335872bfa8fdf41
@@ -267,7 +267,7 @@ F www/tclsqlite.tcl e73f8f8e5f20e8277619433f7970060ab01088fc
 F www/vdbe.tcl 095f106d93875c94b47367384ebc870517431618
 F www/version3.tcl 092a01f5ef430d2c4acc0ae558d74c4bb89638a0
 F www/whentouse.tcl c3b50d3ac31c54be2a1af9b488a89d22f1e6e746
-P d0356dee55bd43f361ede1344e90d1ba6b5cde1e
-R c4fd31d8e980e6dc9c216408c16733fb
+P feb49d10e83ecc186024d4e96b64ef92cf876715
+R 690aa08ec808e0b8c04e201d95e5a003
 U danielk1977
-Z f8cb6f96573ed3a635c83870ecccf67f
+Z 422777f924a69fbf76ec890646525100
diff --git a/manifest.uuid b/manifest.uuid
index 57a31388c9..2ee48bd306 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-feb49d10e83ecc186024d4e96b64ef92cf876715
\ No newline at end of file
+2d58c0afa769d49c8819ea4982bc20ae39516f97
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index edb59c7ef7..9f3a1cc67a 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.239 2005/01/17 01:33:14 danielk1977 Exp $
+** $Id: btree.c,v 1.240 2005/01/17 02:12:19 danielk1977 Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** For a detailed discussion of BTrees, refer to
@@ -482,7 +482,9 @@ static int ptrmapPut(Btree *pBt, Pgno key, u8 eType, Pgno parent){
   int rc;
 
   assert( pBt->autoVacuum );
-  assert( key!=0 );
+  if( key==0 ){
+    return SQLITE_CORRUPT;
+  }
   iPtrmap = PTRMAP_PAGENO(pBt->usableSize, key);
   rc = sqlite3pager_get(pBt->pPager, iPtrmap, (void **)&pPtrmap);
   if( rc!=SQLITE_OK ){
@@ -528,6 +530,7 @@ static int ptrmapGet(Btree *pBt, Pgno key, u8 *pEType, Pgno *pPgno){
   if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
 
   sqlite3pager_unref(pPtrmap);
+  if( *pEType<1 || *pEType>5 ) return SQLITE_CORRUPT;
   return SQLITE_OK;
 }
 
@@ -1609,7 +1612,6 @@ static int setChildPtrmaps(MemPage *pPage){
   nCell = pPage->nCell;
 
   for(i=0; i<nCell; i++){
-    CellInfo info;
     u8 *pCell = findCell(pPage, i);
 
     rc = ptrmapPutOvflPtr(pPage, pCell);
@@ -1649,11 +1651,12 @@ set_child_ptrmaps_out:
 ** PTRMAP_OVERFLOW2: pPage is an overflow-page. The pointer points at the next
 **                   overflow page in the list.
 */
-static void modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
-
+static int modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
   if( eType==PTRMAP_OVERFLOW2 ){
     /* The pointer is always the first 4 bytes of the page in this case.  */
-    assert( get4byte(pPage->aData)==iFrom );
+    if( get4byte(pPage->aData)!=iFrom ){
+      return SQLITE_CORRUPT;
+    }
     put4byte(pPage->aData, iTo);
   }else{
     int isInitOrig = pPage->isInit;
@@ -1683,13 +1686,16 @@ static void modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
     }
   
     if( i==nCell ){
-      assert( eType==PTRMAP_BTREE );
-      assert( get4byte(&pPage->aData[pPage->hdrOffset+8])==iFrom );
+      if( eType!=PTRMAP_BTREE || 
+          get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
+        return SQLITE_CORRUPT;
+      }
       put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
     }
 
     pPage->isInit = isInitOrig;
   }
+  return SQLITE_OK;
 }
 
 
@@ -1737,7 +1743,6 @@ static int relocatePage(
   }else{
     Pgno nextOvfl = get4byte(pDbPage->aData);
     if( nextOvfl!=0 ){
-      assert( nextOvfl<=sqlite3pager_pagecount(pPager) );
       rc = ptrmapPut(pBt, nextOvfl, PTRMAP_OVERFLOW2, iFreePage);
       if( rc!=SQLITE_OK ){
         return rc;
@@ -1759,9 +1764,11 @@ static int relocatePage(
       releasePage(pPtrPage);
       return rc;
     }
-    modifyPagePointer(pPtrPage, iDbPage, iFreePage, eType);
-    rc = ptrmapPut(pBt, iFreePage, eType, iPtrPage);
+    rc = modifyPagePointer(pPtrPage, iDbPage, iFreePage, eType);
     releasePage(pPtrPage);
+    if( rc==SQLITE_OK ){
+      rc = ptrmapPut(pBt, iFreePage, eType, iPtrPage);
+    }
   }
   return rc;
 }
@@ -1793,7 +1800,9 @@ static int autoVacuumCommit(Btree *pBt, Pgno *nTrunc){
 #endif
 
   assert( pBt->autoVacuum );
-  assert( 0==PTRMAP_ISPAGE(pgsz, sqlite3pager_pagecount(pPager)) );
+  if( PTRMAP_ISPAGE(pgsz, sqlite3pager_pagecount(pPager)) ){
+    return SQLITE_CORRUPT;
+  }
 
   /* Figure out how many free-pages are in the database. If there are no
   ** free pages, then auto-vacuum is a no-op.