Intro

This week I focused on making the Selection Action Bar draggable directly on the canvas. This would let the user reposition the toolbar that is best for their workflow.

Obstacles to Implementation

Up to this point adding elements on Krita using Qt was straightforward however making these elements interact and respond to mouse click events needed some deeper diving. The goal of this part of the Selection Action Bar was to allow users to click and drag the tool to reposition it anywhere within the canvas. In order to implement this I asked myself some questions: Where does Qt handle click events? How can the UI elements dynamically update their position?

Event Filters and Mouse Events

Documentation Links https://doc.qt.io/qt-6/eventsandfilters.html
https://doc.qt.io/qt-5.15/events.html
https://doc.qt.io/qt-5/qobject.html#installEventFilter

My research led me to Qt’s event system. One of the key concepts I learned about was event filters. Event filters are able to intercept events that are sent to another object. In our case, we can intercept the click events that are sent to the canvas and process that event to update the positions of our floating toolbar.

Since canvas was passed in through the KisSelectionAssistantsDecoration class, we can install an event filter on the canvas object, specifically the canvasWidget to intercept the mouse events.

// install event filter on canvasWidget, so KisSelectionAssistantsDecoration class (aka 'this') can look at event first
canvasWidget->installEventFilter(this);

After learning about event filters, I needed to learn how to handle the mouse events. By distinguishing user inputs of MouseButtonPress, MouseMove, and MouseButtonRelease, I was able to update the position of the floating bar. To keep things simple, imagine a rectangle on a 2D grid. Between the top left point of the rectangle and a point we click inside the rectangle is called an offset. This offset is to make sure that when we click and drag from within the rectangle, we are updating the position of the rectangle. Get offset = mouse position (click) - rectangle position
Update rectangle position = mouse position (click + drag) - offset
Mouse button release = stop updating rectangle

Working concept

With this major change, the Selection Action Bar is starting to feel like a full feature. Currently, we are able to activate selection actions, move the toolbar to a desirable position on canvas, and toggle it on and off via Krita settings.

Conclusion

This week really pushed me to explore how to handle events and how to make elements move in Krita! As I continue building out the Selection Action Bar every week, I start to understand how complex a ‘simple’ change could be. Next week I plan to improve on the movement of the toolbar by restricting its dragging area within the canvas.

Contact

To anyone reading this, please feel free to reach out to me. I’m always open to suggestions and thoughts on how to improve as a developer and as a person. Email: ross.erosales@gmail.com Matrix: @rossr:matrix.org

🎉 Clazy Now Integrates with Clang-Tidy!

I am excited to announce a major improvement to the Clazy project: Clazy now integrates seamlessly with Clang-Tidy!

🧩 One Toolchain, All the Checks

Clazy now provides a plugin (on Unix ClazyClangTidy.so) that allows all its checks to run inside clang-tidy, unifying your static analysis workflow. You no longer need to run two separate tools — just configure Clazy’s checks through clang-tidy itself.

This change needed quite a few refactorings to make the existing Clazy codebase more adaptable. In total, changes were spread out to 9 different pull requests to gradually implement the needed changes. Besides implementing the functionality, the testsuite was also adapted to ensure Clazy’s clang-tidy provides proper results.

✅ How to Use

To load the plugin:

clang-tidy -load=ClazyClangTidy.so ...

🔒 If the plugin isn’t in a standard library path, either add it to your LD_LIBRARY_PATH or provide an absolute path to the plugin file.

Unfortunately, Clang-Tidy needs to have Clazy checks enabled explicitly and does not have a concept of “levels” to group checks. While wildcards like clazy-* would also work, it enables all manual-level checks. Those have more false positives and can hurt performance.

As a helper, you can export environment variables containing the check names to concatenate the desired combination:

export CLAZY_LEVEL0=clazy-overloaded-signal,clazy-connect-by-name,clazy-connect-non-signal,clazy-qstring-comparison-to-implicit-char,clazy-wrong-qevent-cast,clazy-lambda-in-connect,clazy-lambda-unique-connection,clazy-qdatetime-utc,clazy-qgetenv,clazy-qstring-insensitive-allocation,clazy-fully-qualified-moc-types,clazy-unused-non-trivial-variable,clazy-connect-not-normalized,clazy-mutable-container-key,clazy-qenums,clazy-qmap-with-pointer-key,clazy-qstring-ref,clazy-strict-iterators,clazy-writing-to-temporary,clazy-container-anti-pattern,clazy-qcolor-from-literal,clazy-qfileinfo-exists,clazy-qstring-arg,clazy-empty-qstringliteral,clazy-qt-macros,clazy-temporary-iterator,clazy-wrong-qglobalstatic,clazy-lowercase-qml-type-name,clazy-no-module-include,clazy-use-static-qregularexpression
export CLAZY_LEVEL1=clazy-auto-unexpected-qstringbuilder,clazy-connect-3arg-lambda,clazy-const-signal-or-slot,clazy-detaching-temporary,clazy-foreach,clazy-incorrect-emit,clazy-install-event-filter,clazy-non-pod-global-static,clazy-post-event,clazy-qdeleteall,clazy-qlatin1string-non-ascii,clazy-qproperty-without-notify,clazy-qstring-left,clazy-range-loop-detach,clazy-range-loop-reference,clazy-returning-data-from-temporary,clazy-rule-of-two-soft,clazy-child-event-qobject-cast,clazy-virtual-signal,clazy-overridden-signal,clazy-qhash-namespace,clazy-skipped-base-method,clazy-readlock-detaching
export CLAZY_LEVEL2=clazy-ctor-missing-parent-argument,clazy-base-class-event,clazy-copyable-polymorphic,clazy-function-args-by-ref,clazy-function-args-by-value,clazy-global-const-char-pointer,clazy-implicit-casts,clazy-missing-qobject-macro,clazy-missing-typeinfo,clazy-old-style-connect,clazy-qstring-allocations,clazy-returning-void-expression,clazy-rule-of-three,clazy-virtual-call-ctor,clazy-static-pmf

Checks in Clang-Tidy can be disabled when prefixing them with “-“, whereas Clazy uses “no-“ prefixes. An example clang-tidy command to use all level0 checks, with overloaded-signal being disabled and the qt-keywords manual check being enabled:

clang-tidy -load=ClazyClangTidy.so \
-checks="$CLAZY_LEVEL0,-overloaded-signal,qt-keywords" \
-p my_build_dir mydir/**.cpp

In case you want to speed up linting in the project, run-clang-tidy can be used for parallel execution.

🚧✨ Limitations & Tricks

Unlike using Clazy directly, clang-tidy has its own filter mechanism to only emit warnings from files that were provided as an input. This means if a warning is emitted from a header file and not the “.cpp” file you provide as an input, Clang-Tidy will suppress it. To see those warnings -header-filter=".*" can be added to the command.

💡💬 Getting it & Feedback

The Clang-Tidy plugin is currently not released, and some additional development on various checks is happening. For trying it out, one has to compile the project from source. It is just a simple CMake setup - promise ;) See the instructions for more details: https://invent.kde.org/sdk/clazy/#build-instructions

Any feedback and contributions are appreciated - let’s make Clazy better together 😎. Please report bugs or suggestions on https://bugs.kde.org/enter_bug.cgi?product=clazy or https://invent.kde.org/sdk/clazy/-/issues.

Welcome to a new issue of This Week in Plasma!

Every week we cover the highlights of what’s happening in the world of KDE Plasma and its associated apps like Discover, System Monitor, and more.

This week UI and feature work for Plasma 6.5 continued to progress, along with a bunch of nice technical changes and bug fixes. Have a look:

Notable New Features

Plasma 6.5.0

For supported printers, plasma now tells you when the printer is low on ink! (Mike Noe, link)

Notable UI Improvements

Plasma 6.4.4

Notifications marked as “low priority” or that you’ve manually configured to now show up in the history now selectively ignore that, and do show up in the history when they arrived during Do Not Disturb mode. The reason for this is that otherwise these notifications would simply vanish, and you’d never get a chance to see them at all. (Niccolò Venerandi, link)

The hitboxes for items on the desktop now match the visual styling; no more clicking in an empty-looking place and getting a file or folder selected despite no hover effect! (Niccolò Venerandi, link)

Plasma 6.5.0

Key repeat has been disabled for a number of global shortcuts that could trigger rapid full-screen flashing if you held down the shortcut, because this risks causing seizures in photosensitive people. Affected actions include toggling Overview, full screen mode, maximize/de-maximize, and inverting the screen colors. (Ritchie Frodomar, link 1, link 2, and link 3)

The “Someone started sharing this screen” notification now appears only after the connection has been fully established and screen sharing has actually begun, rather than at the moment when the connection was initiated. (David Edmundson, link)

The “Confirm deleting network connection” dialog now uses standard KDE styling. (Renner 03, link)

The spacing between menu items in the Global Menu widget is now more consistent with menus in individual windows. (Rebecca Bee, link)

Notable Bug Fixes

Soon

Plasma Browser Integration’s browser plugin no longer breaks random features or various known video conferencing websites when its enhanced media controls setting is active. (Kai Uwe Broulik, link)

Plasma 6.4.4

Fixed a bug that caused KWin to crash on the next login when you enable the magnifier effect but don’t use it to zoom in at all before logging out. (Xaver Hugl, link)

Fixed a bug that caused KWin to crash on login when run in a QEMU virtual machine using the Bochs video driver. (Xaver Hugl, link)

Fixed the Global Menu widget’s single-button mode for X11 users too. (Kishore Gopalakrishnan, link)

The search field in the Wayland version of the Global Menu widget once again works. (Niccolò Venerandi, link)

Fixed a bug in the KDE’s implementation of the Global Shortcuts XDG portal that confused apps into thinking they had no shortcuts after you accepted the dialog to make some changes. (David Redondo, link)

Fixed a bug causing notifications in the history view to not appear in sequential order. In case you remember this previously being advertised as fixed, it was, because we worked around a Qt bug that was causing the issue. Well, that Qt bug got fixed, causing our workaround to re-introduce the bug! Software development is hard. (Kai Uwe Broulik, link)

Plasma Browser Integration’s built-in Share feature once again works. (Kai Uwe Broulik, link)

Plasma 6.5.0

Cross-app window activation/raising now works more reliably in a couple cases, and also now works for files opened from KRunner-powered searches except for the Recent Documents runner, which is also being worked on. (Kai Uwe Broulik and Xaver Hugl, link 1, link 2, and link 3)

Fixed a bug that prevented the virtual keyboard from being able to enter text into the Application Dashboard widget’s search field. (Arnav Rawat, link)

Fixed a layout bug that caused the contents of the “Set up a printer connection” page to visually overflow when opened from the “New printer detected” notification. (Mike Noe, link)

When accessed from Plasma (not System Settings), wallpaper grid items now follow the Plasma color scheme, rather than the app color scheme. This is relevant when using a mixed light/dark Global Theme like Breeze Twilight. (David Redondo, link)

Frameworks 6.17

KRunner-powered search results once again take into account frequency of use. (Nate Graham, link)

Other bug information of note:

• 4 very high priority Plasma bugs (same as last week). Current list of bugs
• 28 15-minute Plasma bugs (down from 32 last week). Current list of bugs

Notable in Performance & Technical

Plasma 6.4.4

Fixed a source of inotify leaks caused by reconfiguring the Plasma Desktop or the Folder View widget to show a different folder. (Harald Sitter, link)

Plasma 6.5.0

Implemented support the the pointer_warp_v1 (“Pointer Warp”) Wayland protocol that allows apps to ask the compositor to move the pointer. (Xaver Hugl, link)

XDG portal-using apps can now explicitly request a screencast or remote desktop session of a new virtual output. (David Redondo, link 1 and link 2)

Added some more autotests for basic Plasma widget loading functionality. (Nicolas Fella, link)

The clipboard configuration window’s size and position are now stored in the state config file, not the settings config file. (Nicolas Fella, link)

How You Can Help

KDE has become important in the world, and your time and contributions have helped us get there. As we grow, we need your support to keep KDE sustainable.

You can help KDE by becoming an active community member and getting involved somehow. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer, either; many other opportunities exist!

You can also help us by making a donation! A monetary contribution of any size will help us cover operational costs, salaries, travel expenses for contributors, and in general just keep KDE bringing Free Software to the world.

To get a new Plasma feature or a bugfix mentioned here, feel free to push a commit to the relevant merge request on invent.kde.org.

And since I’m back from my vacations, it’s time to get back into good habits. Let’s go for my web review for the week 2025-30.

Linux’s Ascendancy: Charting the Open-Source Surge in the Desktop OS Arena

Tags: tech, linux, desktop, foss

It’s a very important threshold to cross. Let’s hope this momentum stays long enough.

https://www.linuxjournal.com/content/linuxs-ascendancy-charting-open-source-surge-desktop-os-arena

You MUST listen to RFC 2119

Tags: tech, standard, documentation, funny

OK… This is weird and funny. I definitely like the idea of an actor reading this important RFC aloud.

https://ericwbailey.website/published/you-must-listen-to-rfc-2119/

PNG is back!

Tags: tech, graphics, standard

Excellent news on the PNG standard front!

https://www.programmax.net/articles/png-is-back/

X-Clacks-Overhead

Tags: tech, http, history, literature, funny

This is a lovely idea I think. Good way to pay homage to lost ones.

https://xclacksoverhead.org/

A language model built for the public good

Tags: tech, ai, machine-learning, llm, ethics, ecology, research

ETH Zurich spearheading an effort for more ethical and cleaner open models. That’s good research, looking forward to the results.

https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html

How to run an LLM on your laptop

Tags: tech, ai, machine-learning, gpt, foss, vendor-lockin

Running interesting models locally gets more and more accessible.

https://www.technologyreview.com/2025/07/17/1120391/how-to-run-an-llm-on-your-laptop/

Yet another ZIP trick

Tags: tech, archive, compression, security

Better not trust ZIP files you receive…

https://hackarcana.com/article/yet-another-zip-trick

How we discovered, and recovered from, Postgres corruption on the matrix.org homeserver

Tags: tech, postgresql, failure, databases

Wow, this was a really bad index corruption indeed.

https://matrix.org/blog/2025/07/postgres-corruption-postmortem/

The most mysterious bug I solved at work

Tags: tech, debugging, pdf

Very interesting bug hunt prompted by some mysterious character in some strings and leading all the way to PDF viewers.

https://cadence.moe/blog/2025-07-02-the-most-mysterious-bug-i-solved-at-work

Graphite | Free online vector editor & procedural design tool

Tags: tech, 2d, graphics, tools, foss

Looks like an interesting vector editor.

https://graphite.rs/

Getting decent error reports in Bash when you’re using ‘set -e’

Tags: tech, shell, scripting

Nice way to improve the set -e output. I guess I’ll use it in my next scripts.

https://utcc.utoronto.ca/~cks/space/blog/programming/BashGoodSetEReports

On Error Handling in Rust

Tags: tech, rust, safety, type-systems

There are indeed other options beyond the model with “one enum with all the errors”.

https://felix-knorr.net/posts/2025-06-29-rust-error-handling.html

Alternative Blanket Implementations for a Single Rust Trait

Tags: tech, rust, type-systems, pattern

Nice pattern to workaround limitations of the Rust trait system preventing blanket implementations.

https://www.greyblake.com/blog/alternative-blanket-implementations-for-single-rust-trait/

The scary and surprisingly deep rabbit hole of Rust’s temporaries

Tags: tech, rust, memory, type-systems

Dealing with temporaries is always complicated it seems, whatever the language.

https://taping-memory.dev/temporaries-rabbit-hole/

The JavaScript Date Quiz

Tags: tech, javascript, date

A good reminder that the JavaScript Date API is very error prone.

https://jsdate.wtf/

This Overly Long Variable Name Could Have Been a Comment

Tags: tech, programming

If it’s too complicated to find a good name, use a comment indeed. As simple as that.

https://jonathan-frere.com/posts/names-vs-comments/

Most RESTful APIs aren’t really RESTful

Tags: tech, web, services, architecture, rest, api

And it’s not necessarily a problem. It all depends on the goal and context of the API you’re building.

https://florian-kraemer.net//software-architecture/2025/07/07/Most-RESTful-APIs-are-not-really-RESTful.html

Caching is an Abstraction, not an Optimization

Tags: tech, caching

It’s indeed another possible point of view about caching.

https://buttondown.com/jaffray/archive/caching-is-an-abstraction-not-an-optimization/

Expert Generalists

Tags: tech, organization, team, learning, complexity

Interesting article about expert generalists (also called “paint drip people” by Kent Beck). This is definitely a skill to foster in teams. The article is long enough that I’m not in agreement with everything in it. That being said there’s a lot of food for thought here.

https://martinfowler.com/articles/expert-generalist.html

Agile Was Never Your Problem Pt 1/2

Tags: tech, agile, project-management

Hear, hear! If you go through rituals without understanding the values and principles… It’s not Agile anymore so stop pretending. Another certification isn’t going to save you at this point.

https://thecynical.dev/posts/agile-was-never-your-problem/

Agile That Doesn’t Suck Pt 2/2

Tags: tech, agile, criticism

So, you derailed and the joy is long gone in your team. This second part shows a possible way forward. Although it’s probably not widely applicable (YMMV), the proposed end goal is what matters… If you stop fussing over labels but focus on what matters you’re likely on the right track.

https://thecynical.dev/posts/agile-that-doesnt-suck/

Why measuring productivity is hard

Tags: tech, productivity, management

Indeed, it’s hard. You need to put in the work but it’s hard to predict where the real value will come from.

https://lemire.me/blog/2025/07/12/why-measuring-productivity-is-hard/

Underused Techniques for Effective Emails

Tags: tech, email, writing

Some of this is not new, but it looks like a dying practice. It doesn’t need to be. This medium is more efficient than chat for some cases.

https://refactoringenglish.com/chapters/techniques-for-writing-emails/

Reading Neuromancer for the very first time in 2025

Tags: tech, scifi, literature

Neat piece about the reactions when reading this (IMHO) very important book for the first time in 2025. Made me want to read it again!

https://mbh4h.substack.com/p/neuromancer-2025-review-william-gibson

Why English doesn’t use accents

Tags: linguistics, history

Very interesting article. Where diacritics come from? Why English doesn’t have them?

https://www.deadlanguagesociety.com/p/why-english-doesnt-use-accents

How the alphabet began

Tags: history, linguistics

Interesting exploration about where the alphabet comes from. Interesting debate about the abjad vs alphabet classification in the comments as well.

https://www.deadlanguagesociety.com/p/how-the-alphabet-began

Bye for now!

Kdenlive 25.08 Release Candidate is ready for testing. While this release focuses mostly on bug fixing, the dev team still managed to sneak in some cool features during the summer heat. Some highlights include:

• Optimized interface for lower resolution screens
• Project files are now properly recognized and can easily be opened by clicking them on MacOS
• Fix location of title templates on Windows
• Fix downloadable keyboard schemes
• Fix python 3.13 compatibility for Whisper
• Added power management support to prevent sleep while playing / rendering
• Support for start timecode
• Added option to display the markers of all clips in the project in the guides list
• Show thumbnails in the guides list
• Redesigned mixer

Download the binaries from below and give it a spin. Please share your feedback in the comments if you encounter any bugs or have a suggestion to help us polish the final release.

Pre-release binaries can be downloaded here.

Intro

This week builds on the work from last week, where I started adding selection action buttons to the floating toolbar in Krita. The focus this time was on integrating more actions and improving the user interface by adding icons to those buttons.

Adding Buttons and Icons

After learning how Selection Tools are triggered through existing UI buttons, the next step was figuring out where those actions originate in the code and how to reuse them in new buttons. I also explored how to visually represent each button using Krita's icon system.

Here’s a simple example of how I added an icon to a button:

d->buttonCopyToNewLayer = new QPushButton();
d->buttonCopyToNewLayer->setIcon(KisIconUtils::loadIcon("duplicateitem"));
d->buttonCopyToNewLayer->setIconSize(QSize(25, 25));

This pattern forms the basis for a reusable template I can follow as I implement additional action buttons across the toolbar.

Finding Icons

Icons play a huge role in usability. Much like how we can recognize cartoon characters by their silhouettes, users often identify tools in a UI by their icons. Good icons make interfaces faster to use and easier to understand.

To find appropriate icons for my buttons, I’ve been referencing these sources:

Krita’s official icon library:
scripting.krita.org/icon-library

Krita source file:
$KRITASOURCE/krita/krita.action

If I couldn’t find an icon there, I searched the codebase for related keywords or looked at how similar tools were implemented with icons. When I exhaust these options, I can also reach out to @Animtim who helps create Krita's custom icons.

Conclusion

Buttons are most powerful when they’re not only functional but also accessible and visually intuitive. This week extends on the work from last week

Next on my list, while I continue adding selection buttons and icons, is to make the floating selection bar movable on the canvas!

Contact

To anyone reading this, please feel free to reach out to me. I’m always open to suggestions and thoughts on how to improve as a developer and as a person. Email: ross.erosales@gmail.com Matrix: @rossr:matrix.org

Hello everyone! Midterm evaluations are here, and I wanted to share an update on my GSoC project. Here’s what I’ve accomplished so far:

Progress So Far

Migration of Existing Fuzz Targets

The first step was migrating the existing build scripts and fuzz targets from the OSS-Fuzz repository into the respective KDE repositories. Maintaining them within the OSS-Fuzz repo added a bit of friction when making changes. Having them in KDE repos makes it easier to maintain and update them.

KArchive Fuzzer

Then I worked on KArchive fuzzer doing mainly two changes: First was to split the fuzzer into separate targets for each archive format (like zip, tar, 7z, etc.) to improve coverage. Second was to add libFuzzer dictionary files to guide the fuzzing process better. Here is an image showing the coverage after these changes:

This coverage was tested using a local corpus and it is pretty solid for just fuzzing the “reading” part. The coverage will increase on OSS-Fuzz by time as the corpus keeps growing. Splitting the fuzzer into multiple targets allows the fuzzer to focus on specific archive formats, which keeps the corpus size smaller and more efficient.

KMime Fuzzer

After that, I focused on KMime. I created a fuzz target for it, which focused on the just the MIME parsing functionality. The parsing part of KMime is critical as it handles untrusted input, such as, from emails (in KMail).

For KMime, I also added a libFuzzer-style dictionary file to help guide the fuzzing process. This helps the fuzzer generate more meaningful inputs, which can improve coverage and help the fuzzer reach deeper code paths.

KDE Thumbnailers Fuzzer

After KMime, I moved on to KDE Thumbnailers. I created a fuzzer for the thumbnailers that are used in KDE applications to generate previews of files. This is important as it handles untrusted input from various file formats, such as images, documents, etc. KDE has a lot of thumbnailers, I started with the thumbnailers in KIO-Extras repository, which includes thumbnailers for various file formats like images, videos, documents, etc.

KDE Thumbnailers were tricky to fuzz because they aren’t standalone. They depend on KIO and KIOGui, which are pretty heavy and pull in a bunch of dependencies not required for thumbnailing. Building the full KIO stack inside OSS-Fuzz would have made the build process slow and complicated.

To avoid that, I wrote a custom build script that compiles just the thumbnailer source files and their direct dependencies. That keeps the fuzzers lightweight and focused only on the thumbnailing functionality.

For these thumbnailers, I also created a dictionary file for each thumbnailer separately for the same reason as KMime.

KFileMetaData Fuzzer

At last, I worked on KFileMetaData. This library is used to extract metadata from files, such as images, videos, documents, etc. Same as KDE Thumbnailers, it handles untrusted input from various file formats, so fuzzing it is important to ensure it can handle malformed or unexpected data gracefully.

Initially, I made a single fuzzer that used Qt plugin system to load metadata extractors and ran the extractors based on content mimetype. However, this required using dynamic libraries which is not great for OSS-Fuzz integration. So I split the fuzzer into multiple targets, one for each extractor, and compiled them statically. This way, each fuzzer is focused on a specific extractor and doesn’t depend on dynamic linking.

The thumbnailers and kfilemetadata currently have the highest coverage among all the fuzzers I’ve created so far, which is great! The coverage will improve and reach closer to 100% for them as the corpus grows on OSS-Fuzz.

What’s Next

There are still many more libraries that could benefit from OSS-Fuzz integration. Here are some that I plan to work on next:

More Thumbnailers

KDE maintains a large number of thumbnailer plugins, and I intend to integrate as many of them as possible. The next ones on my list (provided by Albert Astals Cid) include:

• Calligra Thumbnailer
• Itinerary Thumbnailer
• Qui Thumbnailer
• KDE Graphics Thumbnailers
• MLT Thumbnailer
• KDE SDK Thumbnailers
• WebArchive Thumbnailer
• Pala Thumbnailer
• Font Thumbnailer

Okular Generators & QMobipocket

QMobipocket is a library used by Okular for reading .mobi files. It parses Mobipocket documents and could benefit from fuzzing to identify edge cases and potential vulnerabilities.

Okular also includes several generators responsible for rendering various document formats. While most rely on third-party libraries, a few include custom code that has not yet been fuzzed. These components may be susceptible to bugs triggered by malformed files.

Fuzzing these generators is a bit tricky, since building the full Okular application and all its dependencies would slow down the build process and make its maintenance harder. To address this, I plan to build only the relevant generator source files and their minimal dependencies similar to the approach I used for KDE thumbnailers.

KContacts (VCard Parser)

KContacts is a KDE framework for handling contact data. It includes a VCard parser that reads .vcf files. Although the format is relatively simple, it supports multiple character encodings and codecs, making it an interesting candidate for fuzz testing.

Links

• Intro Blog post: azharmomin.me/posts/gsoc-2025-expanding-oss-fuzz-integration-across-kde-libraries

That’s it for now. If you’re working on/know a KDE library that touches untrusted input and could benefit from fuzzing, please let me know! You can reach me on Matrix or Email.

One of the biggest things you can do for KDE (that does not involve coding) is helping us organize Akademy.

In 2026, we are organizing a special edition of Akademy to celebrate KDE's 30th birthday. We want to make this occasion memorable by celebrating this important milestone with Akademy. The birthday edition of Akademy will not only bring together contributors, users, and partners but will also reflect on three decades of community, collaboration, innovation, and Free Software.

Now is your chance to become KDE champions and help make Akademy 2026 happen! We are looking to host Akademy 2026 during June, July, August, September, or October. Download the Call for Hosts guide and submit a proposal to host Akademy in your city to akademy-proposals@kde.org by October 1, 2025.

Do not hesitate to send us your questions and concerns! We are here to help you organize a successful event, and you can reach out at any time for advice, guidance, or any assistance you may need. We will support you and help you make Akademy 2026 an event to remember.