CWE-595 – Comparison of Object References Instead of Object Contents


Description

The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

For example, in Java the == operator compares object references, not values, so comparing two objects with == usually gives misleading results: applying == to strings tests whether both operands are the same String object, not whether they contain the same characters. Two strings with identical contents that were created separately (for instance one read from a request and one written as a literal) compare unequal with ==.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-1025

Consequences

Other: Varies by Context

This weakness can lead to erroneous comparison results that cause unexpected application behavior. When the comparison is part of a security decision, such as an authorization or validation check, the check may silently fail for valid input or, if written as a deny check, be bypassed by input that is equal in content but held in a different object.

Potential Mitigations

Phase: Implementation

Description:

In Java, compare objects with the equals() method instead of the == operator, and make sure value classes override equals() and hashCode(), since the default Object.equals() falls back to reference comparison. If == must be used (for example for performance), then equivalent objects must be canonical instances obtained from a static factory that interns or caches them, such as String.intern() or Integer.valueOf(), rather than freshly allocated with a constructor; only then does reference equality imply content equality.
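The following is an added example, not text or code from the CWE entry or from any real product, showing the weakness described above and its mitigation in Java. The class, method and value names (Cwe595Demo, roleFromRequest, SessionId, "blocked-user") are invented for illustration, and all inputs are constructed inline; in a real program the runtime strings would come from a request, file or database.

```java
import java.util.Objects;

// Added example for CWE-595: reference comparison (==) versus content comparison (equals()).
public class Cwe595Demo {

    // Constructed stand-in for a value read at runtime (request parameter, config, DB row).
    // new String(...) always allocates a fresh object, so it is never the same reference
    // as the compile-time literal "admin" even though the contents are identical.
    static String roleFromRequest() {
        return new String("admin");
    }

    // Vulnerable: == compares references. For a runtime string this is false even when the
    // caller really is an admin, so the allow check silently fails.
    static boolean isAdminByReference(String role) {
        return role == "admin";
    }

    // Vulnerable in the opposite direction: a deny check written with == is bypassed,
    // because the blocked name read at runtime is a different object from the literal.
    static boolean isBlockedByReference(String user) {
        return user == "blocked-user";
    }

    // Fixed: equals() compares contents. Calling it on the constant also avoids a
    // NullPointerException when the input is null.
    static boolean isAdmin(String role) {
        return "admin".equals(role);
    }

    static boolean isBlocked(String user) {
        return "blocked-user".equals(user);
    }

    // The same weakness applies to any user-defined value type: without equals()/hashCode()
    // overrides, Object.equals() is reference comparison and collections misbehave as well.
    static final class SessionId {
        private final String value;

        SessionId(String value) {
            this.value = Objects.requireNonNull(value);
        }

        @Override
        public boolean equals(Object o) {
            return o instanceof SessionId && value.equals(((SessionId) o).value);
        }

        @Override
        public int hashCode() {
            return value.hashCode();
        }
    }

    public static void main(String[] args) {
        String role = roleFromRequest();
        System.out.println("allow check with ==:       " + isAdminByReference(role));
        System.out.println("allow check with equals(): " + isAdmin(role));

        String user = new String("blocked-user");
        System.out.println("deny check with ==:        " + isBlockedByReference(user));
        System.out.println("deny check with equals():  " + isBlocked(user));

        // Canonical instances are what make == safe: intern() returns the single pooled
        // String for these contents, which is the reference the literal "admin" already has.
        System.out.println("== after intern():         " + (role.intern() == "admin"));

        // Integer.valueOf() is a static factory; the JLS only guarantees shared instances for
        // -128..127, so == on boxed values outside that range is not reliable, equals() is.
        Integer a = Integer.valueOf(127), b = Integer.valueOf(127);
        Integer c = Integer.valueOf(1000), d = Integer.valueOf(1000);
        System.out.println("valueOf(127) ==:           " + (a == b));
        System.out.println("valueOf(1000) ==:          " + (c == d));
        System.out.println("valueOf(1000) equals():    " + c.equals(d));

        // A value type with equals()/hashCode() compares by content, not identity.
        System.out.println("SessionId equals():        "
                + new SessionId("s1").equals(new SessionId("s1")));
    }
}
```

Compile and run with javac Cwe595Demo.java && java Cwe595Demo. The reference-based checks fail for the runtime strings while the equals() versions succeed, and the intern()/valueOf() lines show the only situation in which == is trustworthy: when every equivalent value has been canonicalised to one instance by a factory rather than allocated with a constructor.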

CVE References