Index: src/btree.c
==================================================================
--- src/btree.c
+++ src/btree.c
@@ -989,10 +989,17 @@
   iPtrmap = PTRMAP_PAGENO(pBt, key);
   rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage, 0);
   if( rc!=SQLITE_OK ){
     *pRC = rc;
     return;
+  }
+  if( ((char*)sqlite3PagerGetExtra(pDbPage))[0]!=0 ){
+    /* The first byte of the extra data is the MemPage.isInit byte.
+    ** If that byte is set, it means this page is also being used
+    ** as a btree page. */
+    *pRC = SQLITE_CORRUPT_BKPT;
+    goto ptrmap_exit;
   }
   offset = PTRMAP_PTROFFSET(iPtrmap, key);
   if( offset<0 ){
     *pRC = SQLITE_CORRUPT_BKPT;
     goto ptrmap_exit;

Index: test/fuzzcheck.c
==================================================================
--- test/fuzzcheck.c
+++ test/fuzzcheck.c
@@ -445,11 +445,11 @@
     return SQLITE_IOERR_SHORT_READ;
   }
   if( iOfst+iAmt>pVFile->sz ){
     memset(pData, 0, iAmt);
     iAmt = (int)(pVFile->sz - iOfst);
-    memcpy(pData, pVFile->a, iAmt);
+    memcpy(pData, pVFile->a + iOfst, iAmt);
     return SQLITE_IOERR_SHORT_READ;
   }
   memcpy(pData, pVFile->a + iOfst, iAmt);
   return SQLITE_OK;
 }