Tom Lane wrote:
> Heikki Linnakangas <heikki(at)enterprisedb(dot)com> writes:
>> FWIW, I can reproduce this with UTF-8, on REL_8_2_STABLE.
>
> I can reproduce an out-of-memory condition (basically, replace() is
> going into an infinite loop because of the invalid input) but I'm
> not seeing any crash.
replace_text reads past the end of source string, byte by byte (or
character by character, not sure), and eventually tries to read from an
invalid address which causes a segfault. It happens here when start_posn
== 367368.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com