From b6dd07382aa7fcedb58cffc31f166987a8b0a22a Mon Sep 17 00:00:00 2001
From: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Date: Mon, 10 Mar 2025 13:39:09 +0100
Subject: [PATCH] Mark low-level text classes as security critical

These files process raw end user provided data and
apply structure to it, through layout and Unicode algorithms.

Extra care should be taken when reviewing changes to these
files.

Pick-to: 6.8
Change-Id: Iba86aec1a185bbbcd40aa2b8d4d0d839bb99ba0d
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 2198cdc40630713670064334fb34dc2255980800)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/gui/text/qtextengine.cpp | 1 +
 src/gui/text/qtextlayout.cpp | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp
index a930f103c60..47ae640248c 100644
--- a/src/gui/text/qtextengine.cpp
+++ b/src/gui/text/qtextengine.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include <QtGui/private/qtguiglobal_p.h>
 #include "qdebug.h"
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index 46ba2e69e3c..3e48ad706ce 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qtextlayout.h"
 #include "qtextengine_p.h"