Duncan Jones created LANG-1295: ---------------------------------- Summary: ArrayUtils has unsafe use of varargs, which are marked as safe Key: LANG-1295 URL: https://issues.apache.org/jira/browse/LANG-1295 Project: Commons Lang Issue Type: Bug Components: lang.* Reporter: Duncan Jones Priority: Critical
{{ArrayUtils.addAll()}} is marked as {{@SafeVarargs}}, but I suspect the use of the varargs is unsafe. An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189], demonstrates this: {code:java} static <T> T[] arrayOfTwo(T a, T b) { return ArrayUtils.addAll(null, a, b); } @Test public void testBadVarArgs() throws Exception { @SuppressWarnings("unused") // Need to assign to trigger exception String[] result = arrayOfTwo("foo", "bar"); } {code} the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;}}. The method {{ArrayUtils.toArray(final T... items)}} looks unsafe for the same reason. However, {{ArrayUtils.removeElements(final T[] array, final T... values)}} looks safe. -- This message was sent by Atlassian JIRA (v6.3.4#6332)