Mark QDataStream as security-critical

QDataStream clearly parses data, both in the .cpp file and the header. The class is used for over the network data communication in QtRemoteObjects, so this obviously needs to be security-critical, because de-facto, users will use this class in such ways, too. Amends 8df072fc8006510c9b743e8ffedaaf51a876883a. QUIP: 23 Task-number: QTBUG-135194 Pick-to: 6.10 6.9 6.8 Change-Id: I02a14e3c3fa1e008a532dd2e752b667cdc254e8e Reviewed-by: Juha Vuolle <juha.vuolle@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
author: Marc Mutz <marc.mutz@qt.io> 2025-04-23 13:42:42 +0200
committer: Marc Mutz <marc.mutz@qt.io> 2025-06-17 15:58:54 +0000
commit: 0b9d4c3a857144bad2937f964101c57ae7efec4c (patch)
tree: ef9ca9ed05c44861869df40c846e5149c6783b28 /src/corelib/serialization/qdatastream.cpp
parent: 7f51608013ba4352d6c5acf77172a7929d7cfdb6 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/serialization/qdatastream.cpp b/src/corelib/serialization/qdatastream.cpp
index 1a1f66a372f..d51ba037aa7 100644
--- a/src/corelib/serialization/qdatastream.cpp
+++ b/src/corelib/serialization/qdatastream.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qdatastream.h"
author	Marc Mutz <marc.mutz@qt.io>	2025-04-23 13:42:42 +0200
committer	Marc Mutz <marc.mutz@qt.io>	2025-06-17 15:58:54 +0000
commit	0b9d4c3a857144bad2937f964101c57ae7efec4c (patch)
tree	ef9ca9ed05c44861869df40c846e5149c6783b28 /src/corelib/serialization/qdatastream.cpp
parent	7f51608013ba4352d6c5acf77172a7929d7cfdb6 (diff)