commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duncan Jones (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (LANG-1295) ArrayUtils has unsafe use of varargs, which are marked as safe
Date Mon, 12 Dec 2016 14:29:58 GMT

     [ https://issues.apache.org/jira/browse/LANG-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Duncan Jones updated LANG-1295:
-------------------------------
    Affects Version/s: 3.5
          Description: 
{{ArrayUtils.toArray(T... items)}} is marked as {{@SafeVarargs}}, but I suspect the use of
the varargs is unsafe.

An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189],
demonstrates this:

{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
    return ArrayUtils.toArray(a, b);
}

@Test
public void testBadVarArgs() throws Exception {
    @SuppressWarnings("unused") // Need to assign to trigger exception
    String[] result = arrayOfTwo("foo", "bar");
}
{code}

the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot
be cast to [Ljava.lang.String;}}.

  was:
{{ArrayUtils.toArray(T... items)}} is marked as {{@SafeVarargs}}, but I suspect the use of
the varargs is unsafe.

An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189],
demonstrates this:

{code:java}
static <T> T[] arrayOfTwo(T a, T b) {
    return ArrayUtils.toArray(a, b);
}

@Test
public void testBadVarArgs() throws Exception {
    @SuppressWarnings("unused") // Need to assign to trigger exception
    String[] result = arrayOfTwo("foo", "bar");
}
{code}

the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object; cannot
be cast to [Ljava.lang.String;}}.

The method {{ArrayUtils.addAll(null, a, b)}} looks unsafe for similar reasons.  However, {{ArrayUtils.removeElements(final
T[] array, final T... values)}} looks safe.


Unfortunately, this method seems to do exactly what you're not supposed to do with varargs.

We may have to deprecate this and warn people off using it.

I'm going to create another issue for the {{addAll}} method, since the solution (and discussion
thereof) is likely to be different.

> ArrayUtils has unsafe use of varargs, which are marked as safe
> --------------------------------------------------------------
>
>                 Key: LANG-1295
>                 URL: https://issues.apache.org/jira/browse/LANG-1295
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.5
>            Reporter: Duncan Jones
>            Priority: Critical
>
> {{ArrayUtils.toArray(T... items)}} is marked as {{@SafeVarargs}}, but I suspect the use
of the varargs is unsafe.
> An example, drawn heavily from [this StackOverflow answer|http://stackoverflow.com/a/14252221/474189],
demonstrates this:
> {code:java}
> static <T> T[] arrayOfTwo(T a, T b) {
>     return ArrayUtils.toArray(a, b);
> }
> @Test
> public void testBadVarArgs() throws Exception {
>     @SuppressWarnings("unused") // Need to assign to trigger exception
>     String[] result = arrayOfTwo("foo", "bar");
> }
> {code}
> the above code throws an exception: {{java.lang.ClassCastException: [Ljava.lang.Object;
cannot be cast to [Ljava.lang.String;}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message