diff options
| author | Laszlo Agocs <lagocs83@gmail.com> | 2025-03-10 15:21:52 +0100 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2025-03-16 19:53:27 +0000 |
| commit | 5207f8ea46b4477ce29ddb072fabb94c590b74c9 (patch) | |
| tree | 724d58167e5b95ddc6b64daa6ae327bf5fde540b /src/opengl/qopenglshaderprogram.cpp | |
| parent | 717b94f370a7c752e4cf7494a98a98d0a5c97532 (diff) | |
Add trusted content notes to QOpenGLShader(Program)
Change-Id: I089044e6834ebbb992b36c898eb956959f430522
Reviewed-by: Andy Nichols <andy.nichols@qt.io>
(cherry picked from commit f9a625eb8c774643a8e8a5ff9548634e34bf4fe0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit ffc55b734d5c1da152e608c0205783a27fbe2f9e)
Diffstat (limited to 'src/opengl/qopenglshaderprogram.cpp')
| -rw-r--r-- | src/opengl/qopenglshaderprogram.cpp | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/opengl/qopenglshaderprogram.cpp b/src/opengl/qopenglshaderprogram.cpp index fb33bf0d5c1..e8ec8158feb 100644 --- a/src/opengl/qopenglshaderprogram.cpp +++ b/src/opengl/qopenglshaderprogram.cpp @@ -110,6 +110,17 @@ using namespace Qt::StringLiterals; they advertise the extension or offer OpenGL ES 3.0. In this case program binary support will be disabled. + \section1 Security Considerations + + All data consumed by QOpenGLShaderProgram is expected to be trusted content. + Shader source code is passed, possibly after minimal modifications, on to + the underlying OpenGL implementation's compiler, which is a black box from + Qt's perspective. + + \warning Application developers are advised to carefully consider the + potential implications before passing in user-provided content to functions + such as addShaderFromSourceFile(). + \sa QOpenGLShader */ @@ -126,6 +137,15 @@ using namespace Qt::StringLiterals; QOpenGLShader and QOpenGLShaderProgram shelter the programmer from the details of compiling and linking vertex and fragment shaders. + All data consumed by QOpenGLShader is expected to be trusted content. Shader + source code is passed, possibly after minimal modifications, on to the + underlying OpenGL implementation's compiler, which is a black box from Qt's + perspective. + + \warning Application developers are advised to carefully consider the + potential implications before passing in user-provided content to functions + such as compileSourceFile(). + \sa QOpenGLShaderProgram */ |