From f15c1606ae4b3e9007b4d0f84a5a9fe1ccdb3ef5 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Fri, 19 Sep 2025 14:45:04 +0200 Subject: [PATCH] Mark all QTextCodec implementation files as security-critical QStringConverter is, so these should be, too. Task-number: QTBUG-135745 Pick-to: 6.10 6.8 Change-Id: I2360bf3ae5ee280dd81f482999f4620c7ffd5134 Reviewed-by: Ivan Solovev --- src/core5/codecs/qbig5codec.cpp | 1 + src/core5/codecs/qeucjpcodec.cpp | 1 + src/core5/codecs/qeuckrcodec.cpp | 1 + src/core5/codecs/qgb18030codec.cpp | 1 + src/core5/codecs/qiconvcodec.cpp | 1 + src/core5/codecs/qicucodec.cpp | 1 + src/core5/codecs/qisciicodec.cpp | 2 ++ src/core5/codecs/qjiscodec.cpp | 1 + src/core5/codecs/qjpunicode.cpp | 1 + src/core5/codecs/qlatincodec.cpp | 1 + src/core5/codecs/qsimplecodec.cpp | 1 + src/core5/codecs/qsjiscodec.cpp | 1 + src/core5/codecs/qtextcodec.cpp | 1 + src/core5/codecs/qtsciicodec.cpp | 1 + src/core5/codecs/qutfcodec.cpp | 1 + src/core5/codecs/qwindowscodec.cpp | 1 + 16 files changed, 17 insertions(+) diff --git a/src/core5/codecs/qbig5codec.cpp b/src/core5/codecs/qbig5codec.cpp index b68d13e..2628973 100644 --- a/src/core5/codecs/qbig5codec.cpp +++ b/src/core5/codecs/qbig5codec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qbig5codec_p.h" diff --git a/src/core5/codecs/qeucjpcodec.cpp b/src/core5/codecs/qeucjpcodec.cpp index 0976e60..e42fd2f 100644 --- a/src/core5/codecs/qeucjpcodec.cpp +++ b/src/core5/codecs/qeucjpcodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser // Most of the code here was originally written by Serika Kurusugawa // a.k.a. Junji Takagi, and is included in Qt with the author's permission, diff --git a/src/core5/codecs/qeuckrcodec.cpp b/src/core5/codecs/qeuckrcodec.cpp index 64b6135..a658eb4 100644 --- a/src/core5/codecs/qeuckrcodec.cpp +++ b/src/core5/codecs/qeuckrcodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser // Most of the cp949 code was originally written by Joon-Kyu Park, and is included // in Qt with the author's permission and the grateful thanks of the Qt team. diff --git a/src/core5/codecs/qgb18030codec.cpp b/src/core5/codecs/qgb18030codec.cpp index e7160b2..97c645d 100644 --- a/src/core5/codecs/qgb18030codec.cpp +++ b/src/core5/codecs/qgb18030codec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser /*! \class QGb18030Codec \inmodule QtCore5Compat diff --git a/src/core5/codecs/qiconvcodec.cpp b/src/core5/codecs/qiconvcodec.cpp index f3ae97f..2bfba5a 100644 --- a/src/core5/codecs/qiconvcodec.cpp +++ b/src/core5/codecs/qiconvcodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include diff --git a/src/core5/codecs/qicucodec.cpp b/src/core5/codecs/qicucodec.cpp index f06916a..55643dc 100644 --- a/src/core5/codecs/qicucodec.cpp +++ b/src/core5/codecs/qicucodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qicucodec_p.h" diff --git a/src/core5/codecs/qisciicodec.cpp b/src/core5/codecs/qisciicodec.cpp index 58d4830..d7c9f0b 100644 --- a/src/core5/codecs/qisciicodec.cpp +++ b/src/core5/codecs/qisciicodec.cpp @@ -1,5 +1,7 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser + #include "qisciicodec_p.h" #include "qtextcodec_p.h" #include "qlist.h" diff --git a/src/core5/codecs/qjiscodec.cpp b/src/core5/codecs/qjiscodec.cpp index c9d63a3..a79b6cd 100644 --- a/src/core5/codecs/qjiscodec.cpp +++ b/src/core5/codecs/qjiscodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser // Most of the code here was originally written by Serika Kurusugawa, // a.k.a. Junji Takagi, and is included in Qt with the author's permission diff --git a/src/core5/codecs/qjpunicode.cpp b/src/core5/codecs/qjpunicode.cpp index 371e002..33f8cc7 100644 --- a/src/core5/codecs/qjpunicode.cpp +++ b/src/core5/codecs/qjpunicode.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser /*! \class QJpUnicodeConv \inmodule QtCore5Compat diff --git a/src/core5/codecs/qlatincodec.cpp b/src/core5/codecs/qlatincodec.cpp index e56e1e7..14cdda4 100644 --- a/src/core5/codecs/qlatincodec.cpp +++ b/src/core5/codecs/qlatincodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qlatincodec_p.h" #include "qlist.h" diff --git a/src/core5/codecs/qsimplecodec.cpp b/src/core5/codecs/qsimplecodec.cpp index a4601fd..0d74765 100644 --- a/src/core5/codecs/qsimplecodec.cpp +++ b/src/core5/codecs/qsimplecodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qsimplecodec_p.h" #include "qlist.h" diff --git a/src/core5/codecs/qsjiscodec.cpp b/src/core5/codecs/qsjiscodec.cpp index eb7d50a..fed1ac0 100644 --- a/src/core5/codecs/qsjiscodec.cpp +++ b/src/core5/codecs/qsjiscodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser // Most of the code here was originally written by Serika Kurusugawa // a.k.a. Junji Takagi, and is included in Qt with the author's permission, diff --git a/src/core5/codecs/qtextcodec.cpp b/src/core5/codecs/qtextcodec.cpp index 095e9cd..0d0894c 100644 --- a/src/core5/codecs/qtextcodec.cpp +++ b/src/core5/codecs/qtextcodec.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2018 The Qt Company Ltd. // Copyright (C) 2018 Intel Corporation. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qplatformdefs.h" diff --git a/src/core5/codecs/qtsciicodec.cpp b/src/core5/codecs/qtsciicodec.cpp index 32f0cde..c5151da 100644 --- a/src/core5/codecs/qtsciicodec.cpp +++ b/src/core5/codecs/qtsciicodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser // Most of the code here was originally written by Hans Petter Bieker, // and is included in Qt with the author's permission, and the grateful diff --git a/src/core5/codecs/qutfcodec.cpp b/src/core5/codecs/qutfcodec.cpp index 5098a32..9e2c442 100644 --- a/src/core5/codecs/qutfcodec.cpp +++ b/src/core5/codecs/qutfcodec.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2016 The Qt Company Ltd. // Copyright (C) 2018 Intel Corporation. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qutfcodec_p.h" #include "qlist.h" diff --git a/src/core5/codecs/qwindowscodec.cpp b/src/core5/codecs/qwindowscodec.cpp index 99c890f..242ccfa 100644 --- a/src/core5/codecs/qwindowscodec.cpp +++ b/src/core5/codecs/qwindowscodec.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qwindowscodec_p.h" #include "private/qstringconverter_p.h"