From f5966890b0c1701e2b8afe302b41645e34b4454e Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Mon, 27 Oct 2025 08:38:00 -0700
Subject: [PATCH] Added a note that SDL_LoadPNG() is designed for trusted
 images

Fixes https://github.com/libsdl-org/SDL/issues/14338
---
 include/SDL3/SDL_surface.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/SDL3/SDL_surface.h b/include/SDL3/SDL_surface.h
index 34ecafb2d0..53a9b1f8b8 100644
--- a/include/SDL3/SDL_surface.h
+++ b/include/SDL3/SDL_surface.h
@@ -597,6 +597,8 @@ extern SDL_DECLSPEC bool SDLCALL SDL_SaveBMP(SDL_Surface *surface, const char *f
 /**
  * Load a PNG image from a seekable SDL data stream.
  *
+ * This is intended as a convenience function for loading images from trusted sources. If you want to load arbitrary images you should use libpng or another image loading library designed with security in mind.
+ *
  * The new surface should be freed with SDL_DestroySurface(). Not doing so
  * will result in a memory leak.
  *
@@ -619,6 +621,8 @@ extern SDL_DECLSPEC SDL_Surface * SDLCALL SDL_LoadPNG_IO(SDL_IOStream *src, bool
 /**
  * Load a PNG image from a file.
  *
+ * This is intended as a convenience function for loading images from trusted sources. If you want to load arbitrary images you should use libpng or another image loading library designed with security in mind.
+ *
  * The new surface should be freed with SDL_DestroySurface(). Not doing so
  * will result in a memory leak.
  *