summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaszlo Agocs <[email protected]>2025-03-10 13:09:59 +0100
committerLaszlo Agocs <[email protected]>2025-03-11 13:54:48 +0100
commit8612bd8345deb77a5670d774abfc73479107faf5 (patch)
treea95eef74fd0dd7f63f365f44ce22fce6b4ce8ba8
parent30dc9ed13fcc2691ed656f6f36d419133856c8cd (diff)
rhi: Add doc notes about security considerations
Pick-to: 6.9 6.8 Change-Id: Iee3ef375a5f08a0bac5fed2b45ff1d7a3b146dc5 Reviewed-by: Andy Nichols <[email protected]>
-rw-r--r--src/gui/rhi/qrhi.cpp16
-rw-r--r--src/gui/rhi/qshader.cpp5
2 files changed, 21 insertions, 0 deletions
diff --git a/src/gui/rhi/qrhi.cpp b/src/gui/rhi/qrhi.cpp
index 021d459217b..5a7d316c4ee 100644
--- a/src/gui/rhi/qrhi.cpp
+++ b/src/gui/rhi/qrhi.cpp
@@ -149,6 +149,17 @@ Q_STATIC_LOGGING_CATEGORY(QRHI_LOG_RUB, "qt.rhi.rub")
Tools module offers build system integration for CMake, the
\c qt_add_shaders() CMake function, that can achieve the same at build time.
+ \section1 Security Considerations
+
+ All data consumed by QRhi and related classes such as QShader are considered
+ trusted content.
+
+ \warning Application developers are advised to carefully consider the
+ potential implications before allowing the feeding of user-provided content
+ that is not part of the application and is not under the developers'
+ control. (this includes all vertex/index data, shaders, pipeline and draw
+ call parameters, etc.)
+
\section1 Design Fundamentals
A QRhi cannot be instantiated directly. Instead, use the create()
@@ -10979,6 +10990,11 @@ QByteArray QRhi::pipelineCacheData()
called at a low frequency, ideally only once e.g. when starting the
application.
+ \warning Serialized pipeline cache data is assumed to be trusted content. Qt
+ performs robust parsing of the header and metadata included in \a data,
+ application developers are however advised to never pass in data from
+ untrusted sources.
+
\sa pipelineCacheData(), isFeatureSupported()
*/
void QRhi::setPipelineCacheData(const QByteArray &data)
diff --git a/src/gui/rhi/qshader.cpp b/src/gui/rhi/qshader.cpp
index b0cba77af99..e1fe23c2a2f 100644
--- a/src/gui/rhi/qshader.cpp
+++ b/src/gui/rhi/qshader.cpp
@@ -540,6 +540,11 @@ static void readShaderKey(QDataStream *ds, QShaderKey *k)
If \a data cannot be deserialized successfully, the result is a default
constructed QShader for which isValid() returns \c false.
+ \warning Shader packages, including \c{.qsb} files in the filesystem, are
+ assumed to be trusted content. Application developers are advised to
+ carefully consider the potential implications before allowing the loading of
+ user-provided content that is not part of the application.
+
\sa serialized()
*/
QShader QShader::fromSerialized(const QByteArray &data)