Enable LSAN in CI

To check for leaks

.kde-ci.yml

@@ -9,3 +9,4 @@ Options:
  require-passing-tests-on: ['Linux', 'FreeBSD', 'Windows']
  cmake-options: "-DKIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR=ON -DKIMAGEFORMATS_HEIF=ON -DKIMAGEFORMATS_HEIF_TEST:STRING=OFF -DKIMAGEFORMATS_HEJ2_TEST:STRING=OFF -DKIMAGEFORMATS_AVCI_TEST:STRING=OFF"
  per-test-timeout: 90
+ enable-lsan: True

CMakeLists.txt

@@ -1,11 +1,11 @@
 cmake_minimum_required(VERSION 3.29)
 
 set(KF_VERSION "6.27.0") # handled by release scripts
-set(KF_DEP_VERSION "6.27.0") # handled by release scripts
+set(KF_DEP_VERSION "6.26.0") # handled by release scripts
 project(KImageFormats VERSION ${KF_VERSION})
 
 include(FeatureSummary)
-find_package(ECM 6.27.0  NO_MODULE)
+find_package(ECM 6.26.0  NO_MODULE)
 set_package_properties(ECM PROPERTIES TYPE REQUIRED DESCRIPTION "Extra CMake Modules." URL "https://commits.kde.org/extra-cmake-modules")
 feature_summary(WHAT REQUIRED_PACKAGES_NOT_FOUND FATAL_ON_MISSING_REQUIRED_PACKAGES)
 

README.md

@@ -244,7 +244,7 @@ RGB.
 Where possible, plugins support large images. By convention, many of the
 large image plugins are limited to a maximum of 300,000 x 300,000 pixels.
 Anyway, all plugins are also limited by the
-`QImageReader::allocationLimit()`.
+`QImageIOReader::allocationLimit()`.
 
 > [!note]
 > You can change the maximum limit of 300000 pixels by setting the constant
@@ -300,18 +300,8 @@ consumption proportional to the size of the image to be saved.
 Normally this is not a source of problems because the affected plugins
 are limited to maximum images of 2GiB or less.
 
-Note that the value of `QImageReader::allocationLimit()` is only used when 
-allocating a new `QImage`. Since this parameter was created to limit damage 
-caused by corrupted files, any conversion of `QImage` (for example, with 
-`QImage::convertTo()`) is not subject to this limit.
-
 On plugins for formats that support large images, progressive conversion has
 been used or the maximum size of the image that can be saved has been limited.
-Plugins that use external libraries don't always allow progressive decoding 
-(e.g., the JPEG series). In these cases, the memory required for reading 
-may be much larger than the entire decoded image. When the external library has 
-a maximum memory limit function, the value of `QImageReader::allocationLimit()` 
-is set.
 
 ### Non-RGB formats
 
@@ -459,13 +449,8 @@ plugin:
 > [!caution]
 > The plugin disabled by default due to security issues in [jxrlib](https://github.com/4creators/jxrlib): 
 > the upstream jxrlib is dead and there is no "hope" they will fix the issues.
->
 > **You should not enable it unless you know what you are doing.**
 
-> [!note]
-> Security issues in the jxrlib discovered by the [KImageFormats OSS-Fuzz project](https://github.com/google/oss-fuzz/tree/master/projects/kimageformats) 
-> should be fixed in this [jxrlib fork](https://github.com/mircomir/jxrlib).
-
 The following defines can be defined in cmake to modify the behavior of the 
 plugin:
 - `JXR_DENY_FLOAT_IMAGE`: disables the use of float images and consequently 
@@ -478,6 +463,9 @@ plugin:
   it only wants (P)BGRA32bpp files (a format not supported by Qt). Only for 
   this format an hack is activated to guarantee total compatibility of the 
   plugin with Windows.
+- `JXR_ENABLE_ADVANCED_METADATA`: enable metadata support (e.g. XMP). Some 
+  distributions use an incomplete JXR library that does not allow reading 
+  metadata, causing compilation errors.
 
 ### The KRA plugin
 

autotests/ossfuzz/kimgio_fuzzer.cc

@@ -63,7 +63,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     int argc = 0;
     QCoreApplication a(argc, nullptr);
 
-    QImageReader::setAllocationLimit(512);
+    QImageReader::setAllocationLimit(2000);
 
     QImageIOHandler* handler = new HANDLER();
 

src/imageformats/jxr.cpp

@@ -43,39 +43,41 @@ Q_LOGGING_CATEGORY(LOG_JXRPLUGIN, "kf.imageformats.plugins.jxr", QtWarningMsg)
 #endif
 
 /*!
- * \brief JXR_DENY_FLOAT_IMAGE
+ * Support for float images
  *
- * When defined, disables the support for float images.
- * \note Float images have values greater than 1 so they need an additional in place conversion.
+ * NOTE: Float images have values greater than 1 so they need an additional in place conversion.
  */
-#ifndef JXR_DENY_FLOAT_IMAGE
 // #define JXR_DENY_FLOAT_IMAGE // default commented
-#endif
 
 /*!
- * \brief JXR_DISABLE_DEPTH_CONVERSION
- *
- * When defined, removes the needs of additional memory by disabling the conversion between
+ * Remove the needs of additional memory by disabling the conversion between
  * different color depths (e.g. RGBA64bpp to RGBA32bpp).
- * \note Leaving depth conversion enabled (default) ensures maximum read compatibility.
+ *
+ * NOTE: Leaving deptch conversion enabled (default) ensures maximum read compatibility.
  */
-#ifndef JXR_DISABLE_DEPTH_CONVERSION
 // #define JXR_DISABLE_DEPTH_CONVERSION // default commented
-#endif
 
 /*!
- * \brief JXR_DISABLE_BGRA_HACK
- *
- * When defined, disables Windows compatibility for BGRs.
- *
  * Windows displays and opens JXR files correctly out of the box. Unfortunately it doesn't
  * seem to open (P)RGBA @32bpp files as it only wants (P)BGRA32bpp files (a format not supported by Qt).
- * Only for this format, an hack is activated to guarantee total compatibility of the plugin with Windows,
- * at the cost of some overhead.
+ * Only for this format an hack is activated to guarantee total compatibility of the plugin with Windows.
  */
-#ifndef JXR_DISABLE_BGRA_HACK
 // #define JXR_DISABLE_BGRA_HACK // default commented
-#endif
+
+/*!
+ * The following functions are present in the Debian headers but not in the SUSE ones even if the source version is 1.0.1 on both.
+ *
+ * - ERR PKImageDecode_GetXMPMetadata_WMP(PKImageDecode *pID, U8 *pbXMPMetadata, U32 *pcbXMPMetadata);
+ * - ERR PKImageDecode_GetEXIFMetadata_WMP(PKImageDecode *pID, U8 *pbEXIFMetadata, U32 *pcbEXIFMetadata);
+ * - ERR PKImageDecode_GetGPSInfoMetadata_WMP(PKImageDecode *pID, U8 *pbGPSInfoMetadata, U32 *pcbGPSInfoMetadata);
+ * - ERR PKImageDecode_GetIPTCNAAMetadata_WMP(PKImageDecode *pID, U8 *pbIPTCNAAMetadata, U32 *pcbIPTCNAAMetadata);
+ * - ERR PKImageDecode_GetPhotoshopMetadata_WMP(PKImageDecode *pID, U8 *pbPhotoshopMetadata, U32 *pcbPhotoshopMetadata);
+ *
+ * As a result, their use is disabled by default. It is possible to activate their use by defining the
+ * JXR_ENABLE_ADVANCED_METADATA preprocessor directive
+ */
+
+// #define JXR_ENABLE_ADVANCED_METADATA
 
 /* *** JXR_MAX_IMAGE_WIDTH and JXR_MAX_IMAGE_HEIGHT ***
  * The maximum size in pixel allowed by the plugin.
@@ -87,23 +89,11 @@ Q_LOGGING_CATEGORY(LOG_JXRPLUGIN, "kf.imageformats.plugins.jxr", QtWarningMsg)
 #define JXR_MAX_IMAGE_HEIGHT JXR_MAX_IMAGE_WIDTH
 #endif
 
-/*!
- * \brief JXR_MAX_METADATA_SIZE
- *
- * XMP and EXIF maximum size in bytes.
- */
 #ifndef JXR_MAX_METADATA_SIZE
-#define JXR_MAX_METADATA_SIZE (4 * 1024 * 1024)
-#endif
-
-/*
- * Compatibility with older libraries
+/*!
+ * XMP and EXIF maximum size.
  */
-#ifndef JXR_MAKEVERSION
-#define JXR_MAKEVERSION(major, minor, patch) (((major) << 16) | ((minor) << 8) | (patch))
-#endif
-#ifndef JXR_VERSION
-#define JXR_VERSION JXR_MAKEVERSION(1, 1, 0)
+#define JXR_MAX_METADATA_SIZE (4 * 1024 * 1024)
 #endif
 
 class JXRHandlerPrivate : public QSharedData
@@ -471,7 +461,7 @@ public:
         if (pDecoder == nullptr) {
             return xmp;
         }
-#if JXR_VERSION >= JXR_MAKEVERSION(1, 4, 0)
+#ifdef JXR_ENABLE_ADVANCED_METADATA
         quint32 size = 0;
         if (!PKImageDecode_GetXMPMetadata_WMP(pDecoder, nullptr, &size) && size > 0 && size < JXR_MAX_METADATA_SIZE) {
             QByteArray ba(size, 0);
@@ -973,12 +963,6 @@ private:
         if (pCodecFactory == nullptr) {
             return false;
         }
-
-#if JXR_VERSION >= JXR_MAKEVERSION(1, 4, 0)
-        // Prevents the library from making single large memory allocations.
-        // Note that it may still exceed it with multiple allocations.
-        PKAlloc_SetLimit(size_t(QImageReader::allocationLimit()) * 1024 * 1024);
-#endif
         if (auto err = pCodecFactory->CreateDecoderFromFile(qUtf8Printable(fileName()), &pDecoder)) {
             qCWarning(LOG_JXRPLUGIN) << "JXRHandlerPrivate::initDecoder() unable to create decoder:" << err;
             return false;