authorMatthias Rauter <matthias.rauter@qt.io>2025-06-17 14:48:13 +0200
committerMatthias Rauter <matthias.rauter@qt.io>2025-06-19 12:30:44 +0200
commitd9a0cbc36c14b58c567731e820f6ea83c2c4da36 (patch)
tree2af41270f746392501f3ff2542ceb60e01580a50 /src/corelib/io/qdebug.cpp
parent53cc56279cc71f1895e10c3f0d1d6f1d71f03923 (diff)
Mark QDebug as security-critical
QDebug can be used to print strings from untrusted sources. Since QDebug modifies these strings to improve their appearance, it parses their contents as part of the formatting process. This behavior can be exploited by attackers to trigger bugs in QDebug, making it a potential attack vector. Therefore, mark it as security-critical. Header and implementation files are marked. QUIP: 23 Pick-to: 6.10 6.9 6.8 Task-number: QTBUG-135187 Change-Id: I3d751f196a110354ef6c81aa9d2af5e2c88a9b6a Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Diffstat (limited to 'src/corelib/io/qdebug.cpp')
-rw-r--r--src/corelib/io/qdebug.cpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/io/qdebug.cpp b/src/corelib/io/qdebug.cpp
index e1f5035d9c0..645f27798c4 100644
--- a/src/corelib/io/qdebug.cpp
+++ b/src/corelib/io/qdebug.cpp
@@ -1,6 +1,7 @@
// Copyright (C) 2016 The Qt Company Ltd.
// Copyright (C) 2016 Intel Corporation.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parsing
#include "qdebug.h"
#include "private/qdebug_p.h"
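Review bot: The marker added above the includes classifies only qdebug.cpp, and this page is limited to that file, so it cannot be confirmed here that `private/qdebug_p.h`, included on the last line of the hunk, carries the same line. The commit message says header and implementation files are marked; if the private header holds any of the formatting code that processes untrusted strings, it should also get `// Qt-Security score:critical reason:data-parsing`, otherwise tooling or reviewers filtering on the marker would presumably miss it. The file continues past the end of this hunk.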