BUG #17995: Segmentation fault caused by UPDATE statement

The following bug has been logged on the website:

Bug reference: 17995
Logged by: Zuming Jiang
Email address: zuming(dot)jiang(at)inf(dot)ethz(dot)ch
PostgreSQL version: 16beta1
Operating system: Ubuntu 20.04
Description:

My fuzzer finds a bug in Postgres, which crashes Postgres. This bug can be
reproduced even after applying the fixing patches for
https://www.postgresql.org/message-id/flat/b2bd02dff61af15e3526293e2771f874cf2a3be7(dot)camel(at)cybertec(dot)at

--- Test case ---
create table t1 (pkey int4, c7 float8, c8 text, c9 float8);
insert into t1 (pkey, c7, c8, c9) values (96000, 0.0, '3n@', -79.14);
update t1 set c7 = t1.c9 / t1.c7 where 'a' @@ repeat(t1.c8, t1.pkey);
---

--- Expected behavior ---
Postgres does not crash.

--- Actual behavior ---
Postgres crashes.

--- Server log ---
2023-06-24 18:27:12.606 UTC [36] LOG: server process (PID 3917180) was
terminated by signal 11: Segmentation fault
2023-06-24 18:27:12.606 UTC [36] DETAIL: Failed process was running: update
t1 set c7 = t1.c9 / t1.c7 where 'a' @@ repeat(t1.c8, t1.pkey)
2023-06-24 18:27:12.606 UTC [36] LOG: terminating any other active server
processes
2023-06-24 18:27:12.607 UTC [36] LOG: all server processes terminated;
reinitializing
2023-06-24 18:27:12.658 UTC [3917181] LOG: database system was interrupted;
last known up at 2023-06-24 18:27:11 UTC
2023-06-24 18:27:22.848 UTC [3917181] LOG: database system was not properly
shut down; automatic recovery in progress
---

--- Postgres version ---
Github commit: f5c446e3367527f9db1506d7c38d2f56e20950b6
Version: PostgreSQL 16beta1 on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu
9.4.0-1ubuntu1~20.04.1) 9.4.0, 64-bit

--- Platform information ---
Platform: Ubuntu 20.04
Kernel: Linux 5.4.0-147-generic