(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
According to [JNI Tips], section "Local and Global References", references in native code to the same object may have different values. For example, successive calls to the NewGlobalRef function on the same object may return different values. Consequently, object references are not necessarily constant or unique. Object references should never be compared using == in native code; instead use the IsSameObject function.
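The following is an added example, not part of the original guideline, contrasting a == comparison of two references to one object with an IsSameObject-style comparison. MockEnv, mock_jobject and the slot table are hypothetical stand-ins that model the behaviour [JNI Tips] describes so the code runs without a JVM; real native code would use JNIEnv and jobject from <jni.h>.

```c
#include <stdio.h>

/* Mock stand-in for JNIEnv (assumption, lets this run without a JVM).
 * A reference is a handle to a table slot, not the object's address. */
typedef void *mock_jobject;
typedef const struct MockJNI *MockEnv;
struct MockJNI {
    mock_jobject (*NewGlobalRef)(MockEnv *env, mock_jobject ref);
    int (*IsSameObject)(MockEnv *env, mock_jobject a, mock_jobject b);
};

static void *slots[16];            /* each slot stores the referenced object */
static size_t used;

static mock_jobject add_slot(void *object) {
    if (used == sizeof slots / sizeof slots[0]) return NULL;   /* table full */
    slots[used] = object;
    return &slots[used++];
}
static void *target(mock_jobject ref) { return ref ? *(void **)ref : NULL; }
static mock_jobject new_global_ref(MockEnv *env, mock_jobject ref) {
    (void)env;
    return ref ? add_slot(target(ref)) : NULL;   /* new handle, same object */
}
static int is_same_object(MockEnv *env, mock_jobject a, mock_jobject b) {
    (void)env;
    return target(a) == target(b);               /* compares the objects */
}
static const struct MockJNI mock_table = { new_global_ref, is_same_object };

/* Noncompliant: compares the reference values themselves. */
int same_noncompliant(mock_jobject a, mock_jobject b) { return a == b; }
/* Compliant: lets the runtime decide, as JNI's IsSameObject does. */
int same_compliant(MockEnv *env, mock_jobject a, mock_jobject b) {
    return (*env)->IsSameObject(env, a, b);
}
/* Constructed scenario: one object reaches native code under two references. */
int demo(int compliant) {
    static int listener;                         /* the single underlying object */
    MockEnv vm = &mock_table, *env = &vm;
    mock_jobject local = add_slot(&listener);
    mock_jobject cached = (*env)->NewGlobalRef(env, local);
    mock_jobject again = (*env)->NewGlobalRef(env, local);
    return compliant ? same_compliant(env, cached, again)
                     : same_noncompliant(cached, again);
}
int main(void) {
    printf("==: %d, IsSameObject: %d\n", demo(0), demo(1));
    return 0;
}
```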
Noncompliant Code Example
This noncompliant code example assumes that an object reference is constant, with erroneous results.
Compliant Solution
In this compliant solution ...
Risk Assessment
If it is assumed that an object reference is constant or unique, erroneous results may be obtained that could lead to the app crashing. This, in turn, could be used to mount a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
JNI02-J | Low | Probable | High | P2 | L3 |
Automated Detection
Although it may be possible to automatically detect the use of == for comparing object references in native code, in general automatic detection of the wider issue is not feasible. [Is it?]