From 982483f1346d23f66a2524298c4f876565ba18ca Mon Sep 17 00:00:00 2001 From: Laszlo Agocs Date: Mon, 10 Mar 2025 13:09:59 +0100 Subject: [PATCH] rhi: Add doc notes about security considerations Pick-to: 6.8 Change-Id: Iee3ef375a5f08a0bac5fed2b45ff1d7a3b146dc5 Reviewed-by: Andy Nichols (cherry picked from commit 8612bd8345deb77a5670d774abfc73479107faf5) Reviewed-by: Qt Cherry-pick Bot --- src/gui/rhi/qrhi.cpp | 16 ++++++++++++++++ src/gui/rhi/qshader.cpp | 5 +++++ 2 files changed, 21 insertions(+) diff --git a/src/gui/rhi/qrhi.cpp b/src/gui/rhi/qrhi.cpp index 01b9a5ffab5..40945b1b5ad 100644 --- a/src/gui/rhi/qrhi.cpp +++ b/src/gui/rhi/qrhi.cpp @@ -149,6 +149,17 @@ Q_STATIC_LOGGING_CATEGORY(QRHI_LOG_RUB, "qt.rhi.rub") Tools module offers build system integration for CMake, the \c qt_add_shaders() CMake function, that can achieve the same at build time. + \section1 Security Considerations + + All data consumed by QRhi and related classes such as QShader are considered + trusted content. + + \warning Application developers are advised to carefully consider the + potential implications before allowing the feeding of user-provided content + that is not part of the application and is not under the developers' + control. (this includes all vertex/index data, shaders, pipeline and draw + call parameters, etc.) + \section1 Design Fundamentals A QRhi cannot be instantiated directly. Instead, use the create() @@ -10731,6 +10742,11 @@ QByteArray QRhi::pipelineCacheData() called at a low frequency, ideally only once e.g. when starting the application. + \warning Serialized pipeline cache data is assumed to be trusted content. Qt + performs robust parsing of the header and metadata included in \a data, + application developers are however advised to never pass in data from + untrusted sources. + \sa pipelineCacheData(), isFeatureSupported() */ void QRhi::setPipelineCacheData(const QByteArray &data) 
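Review bot: In the new Security Considerations section of qrhi.cpp, the \warning closes its sentence before the parenthetical, so the list of affected inputs reads as a detached fragment. The section also never says what "trusted" means in practice for the reader. I would fold the list into the sentence, e.g. `user-provided content (vertex/index data, shaders, pipeline and draw call parameters, etc.) that is not part of the application and is not under the developers' control`, and add one sentence stating the consequence. Presumably that consequence is that such data is not validated before it reaches the underlying graphics API and driver, but the author should confirm this before it goes into the docs. The class documentation comment starts and ends outside the hunk.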
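Review bot: The \warning added to setPipelineCacheData() says the header and metadata are parsed robustly but leaves unstated what happens to the rest of \a data, which is the part the warning is really about. If the remaining payload is indeed not validated by Qt, as the wording suggests, say so directly, e.g. `Only the header and metadata are validated by Qt; the remaining contents are not.`, and split the comma-spliced sentence in two. Because the preceding paragraph recommends calling this once at application start, the blob will typically come from a file. A short hint to store that file where only the application or its user can write would give readers something actionable. The function body lies outside the hunk.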
diff --git a/src/gui/rhi/qshader.cpp b/src/gui/rhi/qshader.cpp index 9bb8c294ea5..2f413825189 100644 --- a/src/gui/rhi/qshader.cpp +++ b/src/gui/rhi/qshader.cpp @@ -537,6 +537,11 @@ static void readShaderKey(QDataStream *ds, QShaderKey *k) If \a data cannot be deserialized successfully, the result is a default constructed QShader for which isValid() returns \c false. + \warning Shader packages, including \c{.qsb} files in the filesystem, are + assumed to be trusted content. Application developers are advised to + carefully consider the potential implications before allowing the loading of + user-provided content that is not part of the application. + \sa serialized() */ QShader QShader::fromSerialized(const QByteArray &data)
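Review bot: The \warning added to QShader::fromSerialized() sits directly after the paragraph about isValid(), so a reader can take a valid result as a sign that the package was checked. Per the visible text, isValid() only reflects whether deserialization succeeded, so I would add `Note that isValid() returning \c true only indicates successful deserialization, not that the shader content is safe to use.` The guidance here ("carefully consider") is also weaker than the "never pass in data from untrusted sources" used for setPipelineCacheData() in qrhi.cpp. Either align the two, or point this warning at the new Security Considerations section so the difference is explained in one place. The function body lies outside the hunk.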