I don't support you're interested in submitting a patch? :)

Unfortunately, I don't have the time.
I've been tying to create a single simple patch for 3 months, and I still don't have it.

Created attachment 153532 [details]
.zip file containing a file triggering a Dolphin hang

Worse yet, it doesn't take a malicious file to trigger kioslave5 to eat all system memory. When making SNES music, I generate .brr files which are unheadered SNES samples, effectively raw binary data. Because these files are unstructured and can take up near-arbitrary values, file and Dolphin misdetects one of them as a 61935 x 58476 Targa file. When I open Dolphin to a directory containing this file, or the parent directory showing subdirectory icons, kioslave5 eats up all available system memory, requiring killing the process or Alt+SysRq+F if you even have that enabled.

This is a nasty bug to occur, particularly because this file doesn't even have a .tga extension but .brr, but Dolphin first guesses the file type from magic numbers inside, then tries generating a thumbnail for a file without an image extension, then doesn't bail out when the image is 3 billion pixels large despite being 101 bytes long (not containing practically any of the actual pixels inside).

The workaround I have is creating a custom .brr MIME type so Dolphin won't try to generate a thumbnail (and I can assign proper file associations to open it in a hex editor). But out of the box, merely opening a folder *containing* a folder holding the bad file can lock up your entire system, likely irrecoverably if your distro disables Alt+SysRq out of the box.

I found no way to prevent the plugin from identifying the file as TGA.

I added the options support to the plugin (https://invent.kde.org/frameworks/kimageformats/-/merge_requests/212).
The KDE thumbnailer should use the Size option to determine how large the image becomes and avoid generating the thumbnail if it exceeds 1/3 of the available RAM.