diff options
author | Laszlo Agocs <[email protected]> | 2025-03-10 13:09:59 +0100 |
---|---|---|
committer | Laszlo Agocs <[email protected]> | 2025-03-11 13:54:48 +0100 |
commit | 8612bd8345deb77a5670d774abfc73479107faf5 (patch) | |
tree | a95eef74fd0dd7f63f365f44ce22fce6b4ce8ba8 | |
parent | 30dc9ed13fcc2691ed656f6f36d419133856c8cd (diff) |
rhi: Add doc notes about security considerations
Pick-to: 6.9 6.8
Change-Id: Iee3ef375a5f08a0bac5fed2b45ff1d7a3b146dc5
Reviewed-by: Andy Nichols <[email protected]>
-rw-r--r-- | src/gui/rhi/qrhi.cpp | 16 | ||||
-rw-r--r-- | src/gui/rhi/qshader.cpp | 5 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/gui/rhi/qrhi.cpp b/src/gui/rhi/qrhi.cpp index 021d459217b..5a7d316c4ee 100644 --- a/src/gui/rhi/qrhi.cpp +++ b/src/gui/rhi/qrhi.cpp @@ -149,6 +149,17 @@ Q_STATIC_LOGGING_CATEGORY(QRHI_LOG_RUB, "qt.rhi.rub") Tools module offers build system integration for CMake, the \c qt_add_shaders() CMake function, that can achieve the same at build time. + \section1 Security Considerations + + All data consumed by QRhi and related classes such as QShader are considered + trusted content. + + \warning Application developers are advised to carefully consider the + potential implications before allowing the feeding of user-provided content + that is not part of the application and is not under the developers' + control. (this includes all vertex/index data, shaders, pipeline and draw + call parameters, etc.) + \section1 Design Fundamentals A QRhi cannot be instantiated directly. Instead, use the create() @@ -10979,6 +10990,11 @@ QByteArray QRhi::pipelineCacheData() called at a low frequency, ideally only once e.g. when starting the application. + \warning Serialized pipeline cache data is assumed to be trusted content. Qt + performs robust parsing of the header and metadata included in \a data, + application developers are however advised to never pass in data from + untrusted sources. + \sa pipelineCacheData(), isFeatureSupported() */ void QRhi::setPipelineCacheData(const QByteArray &data) diff --git a/src/gui/rhi/qshader.cpp b/src/gui/rhi/qshader.cpp index b0cba77af99..e1fe23c2a2f 100644 --- a/src/gui/rhi/qshader.cpp +++ b/src/gui/rhi/qshader.cpp @@ -540,6 +540,11 @@ static void readShaderKey(QDataStream *ds, QShaderKey *k) If \a data cannot be deserialized successfully, the result is a default constructed QShader for which isValid() returns \c false. + \warning Shader packages, including \c{.qsb} files in the filesystem, are + assumed to be trusted content. Application developers are advised to + carefully consider the potential implications before allowing the loading of + user-provided content that is not part of the application. + \sa serialized() */ QShader QShader::fromSerialized(const QByteArray &data) |