On Wayland, notify_surrounding_text() crashes in wl_abort() if the text is longer than 4000 bytes
Since the !112 (closed) change, the notify_surrounding_text() function of imwayland.c calls the unstable API zwp_text_input_v3_set_surrounding_text() without checking the text length. Problem: wl_abort() is called if the text is longer than 4000 bytes (I'm not sure of the exact limit).
According to gdb, wl_proxy_marshal_array_constructor_versioned() calls wl_abort() because the buffer is too short. It seems like wl_buffer_put() fails with E2BIG:
https://chromium.googlesource.com/external/wayland/wayland/+/refs/heads/master/src/connection.c#66
The problem comes from the zwp_text_input_v3@39.set_surrounding_text("...") call (where "..." is a UTF-8 string of more than 4096 bytes), i.e. the zwp_text_input_v3_set_surrounding_text() function.
The selected text is longer than 4096 bytes:
(gdb) p strlen(args->s)
$5 = 4154
whereas the wayland message uses a signature which only allows up to around 4000 bytes:
(gdb) p *closure->message
$1 = {
name = 0x7ffff73ef0cb "set_surrounding_text",
signature = 0x7ffff73ef094 "sii",
types = 0x7ffff76bbc60 <types>
}
The "set_surrounding_text" description in text-input/text-input-unstable-v3.xml warns about this 4000-byte limitation: https://cgit.freedesktop.org/wayland/wayland-protocols/tree/unstable/text-input/text-input-unstable-v3.xml#n138
Text is UTF-8 encoded, and should include the cursor position, the
complete selection and additional characters before and after them.
There is a maximum length of wayland messages, so text can not be
longer than 4000 bytes.
On the #wayland IRC channel on Freenode, Pekka Paalanen aka "pq" told me that the Wayland protocol cannot carry messages that exceed 4096 bytes, and a few bytes are needed for the message header.
One problem is that wl_abort() is called, which exits Firefox. Maybe wayland-client should be modified to handle such an error differently?
gtk should avoid passing more than 4000 bytes to the "set_surrounding_text" call.
See also my bug report to Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1539773
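One way to do the clamping suggested above, as an added example that is not GTK's or wayland-client's own code: the function name, SURROUNDING_MAX and the test helper are assumptions, and cursor/anchor are assumed to be byte offsets on UTF-8 character boundaries (as GTK passes them to set_surrounding_text).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not GTK's or wayland's own code: fit the surrounding
 * text into the 4000-byte limit that text-input-unstable-v3 documents for
 * set_surrounding_text, keeping cursor, anchor and everything between them
 * and never cutting a multi-byte UTF-8 sequence. Offsets are rebased on return. */
#define SURROUNDING_MAX 4000
static int is_utf8_start(unsigned char c) { return (c & 0xC0) != 0x80; }
/* Returns the byte count written to out (NUL-terminated), or -1 when even the
 * selection alone does not fit: the caller then skips the request instead of
 * letting wayland-client reach wl_abort(). */
int clamp_surrounding_text(const char *text, int32_t *cursor, int32_t *anchor,
                           char out[SURROUNDING_MAX + 1])
{
    size_t len = strlen(text);
    size_t lo = (size_t)(*cursor < *anchor ? *cursor : *anchor);
    size_t hi = (size_t)(*cursor < *anchor ? *anchor : *cursor);
    if (*cursor < 0 || *anchor < 0 || hi > len || hi - lo > SURROUNDING_MAX)
        return -1;
    /* Split the remaining budget between context before and after the
     * selection; whatever one side cannot use goes to the other. */
    size_t budget = SURROUNDING_MAX - (hi - lo);
    size_t before = budget / 2, after = budget - before;
    if (lo < before) { after += before - lo; before = lo; }
    if (len - hi < after) { before += after - (len - hi); after = len - hi; }
    if (before > lo) before = lo;
    size_t s = lo - before, e = hi + after;
    /* Only ever shrink the window until both ends sit on UTF-8 char starts. */
    while (s < lo && !is_utf8_start((unsigned char)text[s])) s++;
    while (e > hi && e < len && !is_utf8_start((unsigned char)text[e])) e--;
    memcpy(out, text + s, e - s);
    out[e - s] = '\0';
    *cursor -= (int32_t)s; *anchor -= (int32_t)s;
    return (int)(e - s);
}
/* Runs the clamp on constructed input (n 'a' bytes followed by tail) and
 * returns the kept byte count, or the rebased cursor if report_cursor is set. */
int clamp_constructed(size_t n, const char *tail, int32_t cursor,
                      int32_t anchor, int report_cursor)
{
    char *text = malloc(n + strlen(tail) + 1), out[SURROUNDING_MAX + 1];
    memset(text, 'a', n);
    strcpy(text + n, tail);
    int r = clamp_surrounding_text(text, &cursor, &anchor, out);
    free(text);
    return report_cursor ? (int)cursor : r;
}
```

With the 4154-byte input from the gdb session and the cursor at the end, 4000 bytes are kept and the cursor is rebased to 4000; a 4001-byte input ending in "é" is cut to 3999 bytes rather than splitting the two-byte sequence.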