You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Duncan Jones (JIRA)" <ji...@apache.org> on 2016/12/12 14:16:58 UTC

[jira] [Updated] (LANG-1295) ArrayUtils has unsafe use of varargs, which are marked as safe

     [ https://issues.apache.org/jira/browse/LANG-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Duncan Jones updated LANG-1295:
-------------------------------
    Description: 
{{ArrayUtils.toArray(T... items)}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe.

An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:

{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
    return ArrayUtils.toArray(a, b);
}

@Test
public void testBadVarArgs() throws Exception {
    @SuppressWarnings("unused") // Need to assign to trigger exception
    String[] result = arrayOfTwo("foo", "bar");
}
{code}

the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.

The method {{ArrayUtils.addAll(null, a, b)}} looks unsafe for similar reasons.  However, {{ArrayUtils.removeElements(final T[] array, final T... values)}} looks safe.

  was:
{{ArrayUtils.addAll()}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe.

An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:

{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
    return ArrayUtils.addAll(null, a, b);
}

@Test
public void testBadVarArgs() throws Exception {
    @SuppressWarnings("unused") // Need to assign to trigger exception
    String[] result = arrayOfTwo("foo", "bar");
}
{code}

the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.

The method {{ArrayUtils.toArray(final T... items)}} looks unsafe for the same reason.  However, {{ArrayUtils.removeElements(final T[] array, final T... values)}} looks safe.


> ArrayUtils has unsafe use of varargs, which are marked as safe
> --------------------------------------------------------------
>
>                 Key: LANG-1295
>                 URL: https://issues.apache.org/jira/browse/LANG-1295
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>            Reporter: Duncan Jones
>            Priority: Critical
>
> {{ArrayUtils.toArray(T... items)}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe.
> An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:
> {code:java}
> static <T> T[] arrayOfTwo(T a, T b) {
>     return ArrayUtils.toArray(a, b);
> }
> @Test
> public void testBadVarArgs() throws Exception {
>     @SuppressWarnings("unused") // Need to assign to trigger exception
>     String[] result = arrayOfTwo("foo", "bar");
> }
> {code}
> the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.
> The method {{ArrayUtils.addAll(null, a, b)}} looks unsafe for similar reasons.  However, {{ArrayUtils.removeElements(final T[] array, final T... values)}} looks safe.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)