Mark string collation classes as security-critical

QString and QByteArray are critical, too, and not because of their ownership semantics, but because of the algorithms operating on them. Collation is one of those algorithms. The headers are not decls-only, but they only contain trivial implementation (like (QChar*, int) -> QStringView forwarders, or the move SMFs or swap()), so are significant. QUIP: 23 Task-number: QTBUG-135195 Pick-to: 6.10 6.8 Change-Id: I2e3418fd74b12cbfa297576f25a37ec2ea050902 Reviewed-by: Ivan Solovev <[email protected]> Reviewed-by: Matthias Rauter <[email protected]>
author: Marc Mutz <[email protected]> 2025-09-10 10:41:44 +0200
committer: Marc Mutz <[email protected]> 2025-10-15 19:45:28 +0200
commit: c7b8563758a3f3d29cde317ace3f4d296bca5a9e (patch)
tree: 091413ffa6d883ff8a2a55220bcab6fd83f6d3e3 /src
parent: 956f7a94566d3ddb63d79d49ad047ec1a6ab03cc (diff)
7 files changed, 7 insertions, 0 deletions
diff --git a/src/corelib/text/qcollator.cpp b/src/corelib/text/qcollator.cpp
index 9ead847843b..6609d17adf4 100644
--- a/src/corelib/text/qcollator.cpp
+++ b/src/corelib/text/qcollator.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // Copyright (C) 2013 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcollator_p.h"
 #include "qstringlist.h"
diff --git a/src/corelib/text/qcollator.h b/src/corelib/text/qcollator.h
index 870811fc48e..2b1e3963b0d 100644
--- a/src/corelib/text/qcollator.h
+++ b/src/corelib/text/qcollator.h
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2013 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:trivial-impl-only
 
 #ifndef QCOLLATOR_H
 #define QCOLLATOR_H
diff --git a/src/corelib/text/qcollator_icu.cpp b/src/corelib/text/qcollator_icu.cpp
index 84f9c515374..e13e96285ef 100644
--- a/src/corelib/text/qcollator_icu.cpp
+++ b/src/corelib/text/qcollator_icu.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2013 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcollator_p.h"
 #include "qlocale_p.h"
diff --git a/src/corelib/text/qcollator_macx.cpp b/src/corelib/text/qcollator_macx.cpp
index 23c23bd53a2..c0561877dd1 100644
--- a/src/corelib/text/qcollator_macx.cpp
+++ b/src/corelib/text/qcollator_macx.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcollator_p.h"
 #include "qlocale_p.h"
diff --git a/src/corelib/text/qcollator_p.h b/src/corelib/text/qcollator_p.h
index b96cdbaa32a..400cafc0c8a 100644
--- a/src/corelib/text/qcollator_p.h
+++ b/src/corelib/text/qcollator_p.h
@@ -1,6 +1,7 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // Copyright (C) 2013 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:trivial-impl-only
 
 #ifndef QCOLLATOR_P_H
 #define QCOLLATOR_P_H
diff --git a/src/corelib/text/qcollator_posix.cpp b/src/corelib/text/qcollator_posix.cpp
index 5ed80c1b8ea..2712133521c 100644
--- a/src/corelib/text/qcollator_posix.cpp
+++ b/src/corelib/text/qcollator_posix.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // Copyright (C) 2013 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcollator_p.h"
 #include "qstringlist.h"
diff --git a/src/corelib/text/qcollator_win.cpp b/src/corelib/text/qcollator_win.cpp
index b588f5ff46a..54228b79b31 100644
--- a/src/corelib/text/qcollator_win.cpp
+++ b/src/corelib/text/qcollator_win.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 Aleix Pol Gonzalez <[email protected]>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcollator_p.h"
 #include "qlocale_p.h"
author	Marc Mutz <[email protected]>	2025-09-10 10:41:44 +0200
committer	Marc Mutz <[email protected]>	2025-10-15 19:45:28 +0200
commit	c7b8563758a3f3d29cde317ace3f4d296bca5a9e (patch)
tree	091413ffa6d883ff8a2a55220bcab6fd83f6d3e3 /src
parent	956f7a94566d3ddb63d79d49ad047ec1a6ab03cc (diff)