[
https://issues.apache.org/jira/browse/LANG-1296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pascal Schumacher updated LANG-1296:
------------------------------------
Priority: Major (was: Critical)
> ArrayUtils.addAll() has unsafe use of varargs
> ---------------------------------------------
>
> Key: LANG-1296
> URL: https://issues.apache.org/jira/browse/LANG-1296
> Project: Commons Lang
> Issue Type: Bug
> Components: lang.*
> Affects Versions: 3.5
> Reporter: Duncan Jones
>
> {{ArrayUtils.addAll()}} is marked as {{@SafeVarargs}}, but I suspect the use
> of the varargs is unsafe.
> An example, drawn heavily from [this StackOverflow
> answer|http://stackoverflow.com/a/14252221/474189], demonstrates this:
> {code:java}
> static <T> T[] arrayOfTwo(T a, T b) {
> return ArrayUtils.addAll(null, a, b);
> }
> @Test
> public void testBadVarArgs() throws Exception {
> @SuppressWarnings("unused") // Need to assign to trigger exception
> String[] result = arrayOfTwo("foo", "bar");
> }
> {code}
> the above code throws an exception: {{java.lang.ClassCastException:
> [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}.
> Here, the {{null}} input array causes the method to return a clone of the
> vararg array. This is what triggers the problem.
> I faced a similar issue when adding the {{ArrayUtils.insert(...)}} methods
> and I solved it by returning {{null}} if the input array is {{null}}. We
> can't do this here without breaking behaviour.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
