Fix null-pointer vulnerability and restore Android compatibility

robert-s-ubi · robert-s-ubi · commit 328ed22d008a · 2025-12-09T13:25:54.000+01:00
The loop checking the list of input extensions passed as a constructor parameter was blindly calling getClass() on any element in the list. This is not null safe and broke compatibility with some Android versions. Change the code to a null-safe instanceof check, which also restores Android compatibility. Fixes Issue #1353.
diff --git a/src/main/java/org/java_websocket/drafts/Draft_6455.java b/src/main/java/org/java_websocket/drafts/Draft_6455.java
@@ -244,7 +244,7 @@ public Draft_6455(List<IExtension> inputExtensions, List<IProtocol> inputProtoco
     boolean hasDefault = false;
     byteBufferList = new ArrayList<>();
     for (IExtension inputExtension : inputExtensions) {
-      if (inputExtension.getClass().equals(DefaultExtension.class)) {
+      if (inputExtension instanceof DefaultExtension) {
         hasDefault = true;
       }
     }

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ public Draft_6455(List<IExtension> inputExtensions, List<IProtocol> inputProtoco`
`244`	`244`	`boolean hasDefault = false;`
`245`	`245`	`byteBufferList = new ArrayList<>();`
`246`	`246`	`for (IExtension inputExtension : inputExtensions) {`
`247`		`- if (inputExtension.getClass().equals(DefaultExtension.class)) {`
	`247`	`+ if (inputExtension instanceof DefaultExtension) {`
`248`	`248`	`hasDefault = true;`
`249`	`249`	`}`
`250`	`250`	`}`