From f5966890b0c1701e2b8afe302b41645e34b4454e Mon Sep 17 00:00:00 2001
From: Sam Lantinga <[EMAIL REDACTED]>
Date: Mon, 27 Oct 2025 08:38:00 -0700
Subject: [PATCH] Added a note that SDL_LoadPNG() is designed for trusted
images
Fixes https://github.com/libsdl-org/SDL/issues/14338
---
include/SDL3/SDL_surface.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/SDL3/SDL_surface.h b/include/SDL3/SDL_surface.h
index 34ecafb2d02ea..53a9b1f8b8dc6 100644
--- a/include/SDL3/SDL_surface.h
+++ b/include/SDL3/SDL_surface.h
@@ -597,6 +597,8 @@ extern SDL_DECLSPEC bool SDLCALL SDL_SaveBMP(SDL_Surface *surface, const char *f
/**
* Load a PNG image from a seekable SDL data stream.
*
+ * This is intended as a convenience function for loading images from trusted sources. If you want to load arbitrary images you should use libpng or another image loading library designed with security in mind.
+ *
* The new surface should be freed with SDL_DestroySurface(). Not doing so
* will result in a memory leak.
*
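Review bot: The caveat added in both hunks (on SDL_LoadPNG_IO here and on SDL_LoadPNG in the second hunk) is a single line of roughly 200 characters, while the surrounding doc comment wraps at about 78 columns; it should be re-wrapped to match. The phrase "trusted sources" also leaves the reader to decide what counts as untrusted, so consider spelling it out, e.g. `Do not use this function on image data received over the network or supplied by users.` Whether other loaders declared in this header reach the same PNG decoder is not visible in these hunks; if any do, they would need the same note so the warning cannot be bypassed by calling a sibling entry point. Both doc comments continue past the end of their hunks.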
@@ -619,6 +621,8 @@ extern SDL_DECLSPEC SDL_Surface * SDLCALL SDL_LoadPNG_IO(SDL_IOStream *src, bool
/**
* Load a PNG image from a file.
*
+ * This is intended as a convenience function for loading images from trusted sources. If you want to load arbitrary images you should use libpng or another image loading library designed with security in mind.
+ *
* The new surface should be freed with SDL_DestroySurface(). Not doing so
* will result in a memory leak.
*