You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Duncan Jones (JIRA)" <ji...@apache.org> on 2016/12/12 14:33:58 UTC
[jira] [Created] (LANG-1296) ArrayUtils.addAll() has unsafe use of
varargs
Duncan Jones created LANG-1296:
----------------------------------
Summary: ArrayUtils.addAll() has unsafe use of varargs
Key: LANG-1296
URL: https://issues.apache.org/jira/browse/LANG-1296
Project: Commons Lang
Issue Type: Bug
Components: lang.*
Affects Versions: 3.5
Reporter: Duncan Jones
Priority: Critical
{{ArrayUtils.addAll()}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe.
An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:
{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
return ArrayUtils.addAll(null, a, b);
}
@Test
public void testBadVarArgs() throws Exception {
@SuppressWarnings("unused") // Need to assign to trigger exception
String[] result = arrayOfTwo("foo", "bar");
}
{code}
the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.
Here, the {{null}} input array causes the method to return a clone of the vararg array. This is what triggers the problem.
I faced a similar issue when adding the {{ArrayUtils.insert(...)}} methods and I solved it by returning {{null}} if the input array is {{null}}. We can't do this here without breaking behaviour.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)