BUG #14599: Segmentation fault and database corruption with hstore

The following bug has been logged on the website:

Bug reference: 14599
Logged by: Jordan Gigov
Email address: coladict(at)gmail(dot)com
PostgreSQL version: 9.5.6
Operating system: Ubuntu 16.04
Description:

I was testing a potential use of the hstore extension and data type when it
started crashing. The high-level API I rely on can only send this data type
as a string. It may not be limited to hstore, but that's the only thing I've
tested.

Steps to reproduce:
1. "CREATE EXTENSION hstore;" on a database.
2. Add an "hstore" field to any table.
3. "CREATE CAST (varchar AS hstore) WITHOUT FUNCTION AS ASSIGNMENT;". If we
skip step 4, everything works fine, but I was afraid it might fail with
longer strings, so I did that anyway.
4. "CREATE CAST (text AS hstore) WITHOUT FUNCTION AS ASSIGNMENT;". If I
skipped step 3 and only did 4, the cast was not detected with strings that
are too short.
5. This was done using Java + JDBC, but should work the same via
PREPARE/EXECUTE or any other driver's API:

PreparedStatement ps = conn.prepareStatement("UPDATE the_table SET
hstore_field = ? WHERE id = ?");
ps.setString(1, syntax_valid_data);
ps.setLong(2, id);
ps.execute();

From here on out, trying to fetch the data via SELECT will also result in
segfaults. Dropping the casts does not help.
The only solution was to drop the database and recreate from a backup.

I repeated the steps to be certain it's reproducible.