You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Duncan Jones (JIRA)" <ji...@apache.org> on 2016/12/12 14:33:58 UTC

[jira] [Created] (LANG-1296) ArrayUtils.addAll() has unsafe use of varargs

Duncan Jones created LANG-1296:
----------------------------------

             Summary: ArrayUtils.addAll() has unsafe use of varargs
                 Key: LANG-1296
                 URL: https://issues.apache.org/jira/browse/LANG-1296
             Project: Commons Lang
          Issue Type: Bug
          Components: lang.*
    Affects Versions: 3.5
            Reporter: Duncan Jones
            Priority: Critical


{{ArrayUtils.addAll()}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe.

An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:

{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
   return ArrayUtils.addAll(null, a, b);
}

@Test
public void testBadVarArgs() throws Exception {
   @SuppressWarnings("unused") // Need to assign to trigger exception
   String[] result = arrayOfTwo("foo", "bar");
}
{code}

the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.

Here, the {{null}} input array causes the method to return a clone of the vararg array. This is what triggers the problem.

I faced a similar issue when adding the {{ArrayUtils.insert(...)}} methods and I solved it by returning {{null}} if the input array is {{null}}. We can't do this here without breaking behaviour.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)