From 328ed22d008ac817a3d92a3a5207c23adfe1a4dc Mon Sep 17 00:00:00 2001
From: Robert Schlabbach <robert.schlabbach@ubitricity.com>
Date: Tue, 9 Dec 2025 13:25:54 +0100
Subject: [PATCH] Fix null-pointer vulnerability and restore Android
 compatibility

The loop checking the list of input extensions passed as a constructor
parameter was blindly calling getClass() on any element in the list.
This is not null safe and broke compatibility with some Android
versions.

Change the code to a null-safe instanceof check, which also restores
Android compatibility.

Fixes Issue #1353.
---
 src/main/java/org/java_websocket/drafts/Draft_6455.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/java_websocket/drafts/Draft_6455.java b/src/main/java/org/java_websocket/drafts/Draft_6455.java
index eb4879976..a91a75dea 100644
--- a/src/main/java/org/java_websocket/drafts/Draft_6455.java
+++ b/src/main/java/org/java_websocket/drafts/Draft_6455.java
@@ -244,7 +244,7 @@ public Draft_6455(List<IExtension> inputExtensions, List<IProtocol> inputProtoco
     boolean hasDefault = false;
     byteBufferList = new ArrayList<>();
     for (IExtension inputExtension : inputExtensions) {
-      if (inputExtension.getClass().equals(DefaultExtension.class)) {
+      if (inputExtension instanceof DefaultExtension) {
         hasDefault = true;
       }
     }