JD.EQ.ARR

JD.EQ.ARR is reported when two arrays are compared through an equals() method.

Vulnerability and risk

Calling equals() on an array behaves the same as the '==' operator: it compares references, not the array contents. This is most likely an error; a deep array comparison is required.

Mitigation and prevention

Either replace this method invocation with a deep array comparison, Arrays.equals(arr1, arr2), or use a direct reference comparison, arr1 == arr2 (but only if the objects are exactly the same).

Example 1

9       static class MyClass {
10          String names[];
11          public boolean equals(Object o) {
12              if (!(o instanceof MyClass))
13                  return false;
14              MyClass m = (MyClass)o;
15              return this.names.equals(m.names);
16          }
17      }

JD.EQ.ARR is reported for 'equals' call on line 15: Comparison of arrays using the 'equals' method. For arrays, 'equals' compares the identities of the two arrays - not the values of the array contents. Should probably be replaced with java.util.Arrays.equals(...) call.
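
The reported form from Example 1 next to a corrected form, as an added example that is not part of the original checker documentation. It goes beyond the text by overriding hashCode() to match the corrected equals() and by showing Arrays.deepEquals for nested arrays; the class names and sample values are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class ArrayEqualsDemo {
    // Reported form, as in Example 1: names.equals(...) is Object.equals,
    // so it only checks whether both fields point at the same array object.
    static class Flagged {
        String[] names;
        Flagged(String... names) { this.names = names; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof Flagged)) return false;
            return this.names.equals(((Flagged) o).names); // JD.EQ.ARR
        }
    }

    // Corrected form: element-wise comparison. Arrays.equals also accepts
    // null arrays, and hashCode is derived from the same contents so that
    // equal objects land in the same hash bucket.
    static class Fixed {
        String[] names;
        Fixed(String... names) { this.names = names; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof Fixed)) return false;
            return Arrays.equals(this.names, ((Fixed) o).names);
        }
        @Override public int hashCode() { return Arrays.hashCode(names); }
    }

    public static void main(String[] args) {
        // Constructed sample data: distinct array objects, identical contents.
        Flagged a = new Flagged("alice", "bob"), b = new Flagged("alice", "bob");
        Fixed c = new Fixed("alice", "bob"), d = new Fixed("alice", "bob");
        System.out.println("reported form, same contents equal?  " + a.equals(b));
        System.out.println("corrected form, same contents equal? " + c.equals(d));

        // Collections rely on equals/hashCode, so the fix changes lookups too.
        Set<Fixed> seen = new HashSet<>();
        seen.add(c);
        System.out.println("HashSet finds equal object?          " + seen.contains(d));

        // Arrays.equals is shallow: for arrays of arrays the inner arrays are
        // again compared with Object.equals. Arrays.deepEquals recurses.
        String[][] x = {{"r", "w"}, {"x"}}, y = {{"r", "w"}, {"x"}};
        System.out.println("nested, Arrays.equals:               " + Arrays.equals(x, y));
        System.out.println("nested, Arrays.deepEquals:           " + Arrays.deepEquals(x, y));
    }
}
```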

Related checkers