Description
The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.
For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings’ references, not their values.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-1025
Consequences
Other: Varies by Context
This weakness can lead to erroneous results that can cause unexpected application behaviors.
Potential Mitigations
Phase: Implementation
Description:
In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.
CVE References
