Skip to content

Fix null-pointer vulnerability and restore Android compatibility #1495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
robert-s-ubi wants to merge 1 commit into from
Closed

Fix null-pointer vulnerability and restore Android compatibility #1495

robert-s-ubi wants to merge 1 commit into from

Conversation

@robert-s-ubi
Copy link
Contributor

@robert-s-ubi robert-s-ubi commented Dec 9, 2025

The loop checking the list of input extensions passed as a constructor parameter was blindly calling getClass() on any element in the list. This is not null safe and broke compatibility with some Android versions.

Change the code to a null-safe instanceof check, which also restores Android compatibility.

Fixes Issue #1353.

Description

Simple one-liner fix to make the code more robust and restore Android compatibility.

Related Issue

This fixes the crash on some Android versions:

java.lang.IncompatibleClassChangeError: The method 'java.lang.Class java.lang.Object.getClass()' was expected to be of type interface but instead was found to be of type virtual (declaration of 'org.java_websocket.drafts.Draft_6455')

as reported in #1353

Motivation and Context

It restores Android compatibility and makes the code more robust.

How Has This Been Tested?

Tested on Android 8.0 and verified to cure the crash shown above.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@robert-s-ubi
Fix null-pointer vulnerability and restore Android compatibility
328ed22 
The loop checking the list of input extensions passed as a constructor
parameter was blindly calling getClass() on any element in the list.
This is not null safe and broke compatibility with some Android
versions.

Change the code to a null-safe instanceof check, which also restores
Android compatibility.

Fixes Issue TooTallNate#1353.
@robert-s-ubi
Copy link
Contributor Author

robert-s-ubi commented Dec 9, 2025

Ah, ok, this does not work since classes extending DefaultExtension are not supposed to be recognized as the DefaultExtension.

@robert-s-ubi robert-s-ubi deleted the Fix-null-pointer-vulnerability-and-restore-Android-compatibility branch December 9, 2025 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@robert-s-ubi