On 01/30/2012 04:19 AM, Tom Hawtin wrote:
On 30/01/2012 03:58, Joe Darcy wrote:
Object clone()
method inherited from java.lang.Object with a covariant override such as
MyType clone()
This is, of course, going to break any existing overrides (that aren't
making use of covariant return types). This will be why the changes
weren't made way back in 1.5.
While this issue may have good technical grounding, there were also many
potential changes omitted from JDK 5 due to lack of time, etc.
Other clone implementations are overridden for (mobile code) security
reasons. These methods may have the same thing done to them by trusted
code outside of the Java library.
A better solution to the unchecked casts from clone, is not to clone.
Using a constructor gets rid of the problem, and ensures you aren't
using some funky (potentially malicious) subclass.
- return (Hashtable<String, java.lang.Object>)_env.clone();
+ return new Hashtable<>(_env);
Tom
I suppose this depends on what your threat model is. For better or
worse, the types in question are Cloneable and should have reasonable
clone methods.
-Joe
