Silence6666668 opened a new issue, #2386:
URL: https://github.com/apache/age/issues/2386
**Describe the bug**
`substring()` may crash Apache AGE when its start-offset argument is `null`.
In the minimized repro below, evaluating `substring('abc', null, 1)`
terminates the backend connection instead of producing a normal query result or
a normal query-level error.
**How are you accessing AGE (Command line, driver, etc.)?**
- PostgreSQL `cypher(...)` wrapper through the local Python
differential-testing harness
- Reproducible directly in `psql` inside the Docker container
**What data setup do we need to do?**
```pgsql
SELECT create_graph('expr_substring_bug');
```
No graph data is required beyond creating an empty graph.
**What is the necessary configuration info needed?**
- Plain Apache AGE Docker image was enough
- Docker image in local repro: `apache/age`
- AGE extension version: `1.7.0`
- PostgreSQL version: `18.1`
- Graph name used in repro: `expr_substring_bug`
- No extra extensions or special configuration were required
**What is the command that caused the error?**
```pgsql
SELECT * FROM cypher('expr_substring_bug', $$
RETURN substring('abc', null, 1) AS v
$$) AS (v agtype);
```
Returned result on AGE:
```text
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
```
**Expected behavior**
The query should not crash the server.
For comparison:
- Neo4j returns `null` for the equivalent Cypher query
- Memgraph reports a normal query error for the invalid null numeric argument
Either behavior would be far safer than terminating the backend process.
**Environment (please complete the following information):**
- Version: Apache AGE `1.7.0`
- PostgreSQL: `18.1`
- Host OS: Windows
- Architecture: x86_64
- Deployment: Docker
**Additional context**
Two nearby control cases behave normally on the same AGE instance:
1. A fully non-null call succeeds:
```pgsql
SELECT * FROM cypher('expr_substring_bug', $$
RETURN substring('abc', 1, 1) AS v
$$) AS (v agtype);
```
Observed result:
```text
"b"
```
2. A null input string is handled without crashing:
```pgsql
SELECT * FROM cypher('expr_substring_bug', $$
RETURN substring(null, 1, 1) AS v
$$) AS (v agtype);
```
Observed result:
```text
null
```
There is also an adjacent non-crashing null case:
```pgsql
SELECT * FROM cypher('expr_substring_bug', $$
RETURN substring('abc', 1, null) AS v
$$) AS (v agtype);
```
Observed AGE behavior:
```text
ERROR: substring() offset or length cannot be null
```
So this appears narrower than a generic `substring(..., null, ...)`
validation problem: a `null` length is rejected normally, but a `null` start
offset crashes the server.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
