Chromium with ozone/wayland backend crashes due to buffer size check for surfaces without role
Affected version
OS: Arch Linux x86_64
Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-6.2)
Kernel: 6.8.9-arch1-1
DE: GNOME 46.1
WM: Mutter 46.1
GPU: 00:01.0 Red Hat, Inc. QXL paravirtual graphic card
Memory: 1501MiB / 7940MiB
Resolution: 2560x1600 (16:10)
Bug summary
A change introduced in GNOME 46 now enforces the buffer size check (buffer width and height must be integer multiples of the buffer scale) even for surfaces that have not been given a role yet. This crashes Chromium, because it commits the cursor surface first and only then assigns the cursor role via wl_pointer.set_cursor.
Steps to reproduce
- Set scale > 200% (e.g. 225%, 250%, 300%)
- Launch chromium with ozone/wayland backend
- Move mouse over the chromium window
What happened
Chromium crashes as soon as the mouse enters its window, because the compositor raises a protocol error (wl_display.error) that terminates the client connection.
Because Chromium commits the cursor surface before a cursor role is assigned to it, GNOME now enforces the buffer size check on that surface due to this change: 98c8c037
What did you expect to happen
The recommendation is to restore the behavior before 98c8c037: a cursor role may not yet be assigned when the surface is first committed, and skipping the check for role-less surfaces would also be consistent with other compositors. For instance, see this comment, which mentions this very case: https://gitlab.freedesktop.org/wayland/wayland/-/issues/194#note_1371674
Relevant logs, screenshots, screencasts etc.
[ 544137.031] wl_pointer@29.enter(1329, wl_surface@23, 366.03125000, 300.83593750)
[ 544137.234] -> wl_surface@30.set_buffer_scale(3)
[ 544137.246] -> wl_shm_pool@36.create_buffer(new id wl_buffer@45, 1343488, 64, 64, 256, 0)
[ 544137.254] -> wl_surface@30.damage(0, 0, 64, 64)
[ 544137.257] -> wl_surface@30.attach(wl_buffer@45, 0, 0)
[ 544137.264] -> wl_surface@30.commit()
[ 544137.267] -> wl_pointer@29.set_cursor(1329, wl_surface@30, 2, 0)
[ 544146.037] wl_pointer@29.frame()
[ 544146.932] wl_display@1.error(wl_surface@30, 2, "Buffer size (64x64) must be an integer multiple of the buffer_scale (3).")
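The following script is an added illustration, not code from this report, from Chromium or from Mutter. It replays a WAYLAND_DEBUG trace in the format shown above, tracks each wl_surface's pending buffer scale and attached buffer, and reports commits whose buffer dimensions are not integer multiples of the scale together with whether the surface had a role at the time of the commit. The trace embedded below is a constructed copy of the log from this report; the check mirrors the error text GNOME emits, and the interpretation that wl_pointer.set_cursor is the only role assignment relevant here is an assumption for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the WAYLAND_DEBUG excerpt from this report.
TRACE = """\
[ 544137.031] wl_pointer@29.enter(1329, wl_surface@23, 366.03125000, 300.83593750)
[ 544137.234] -> wl_surface@30.set_buffer_scale(3)
[ 544137.246] -> wl_shm_pool@36.create_buffer(new id wl_buffer@45, 1343488, 64, 64, 256, 0)
[ 544137.254] -> wl_surface@30.damage(0, 0, 64, 64)
[ 544137.257] -> wl_surface@30.attach(wl_buffer@45, 0, 0)
[ 544137.264] -> wl_surface@30.commit()
[ 544137.267] -> wl_pointer@29.set_cursor(1329, wl_surface@30, 2, 0)
[ 544146.037] wl_pointer@29.frame()
"""

# "[ ts] -> iface@id.method(args)"; the "->" marks a request sent by the client.
LINE_RE = re.compile(r"^\[\s*[\d.]+\]\s*(?:->\s*)?(\w+)@(\d+)\.(\w+)\((.*)\)$")


@dataclass
class Surface:
    scale: int = 1                       # wl_surface.set_buffer_scale, defaults to 1
    pending_buffer: Optional[str] = None  # wl_buffer attached since the last commit
    role: Optional[str] = None           # e.g. "cursor" once wl_pointer.set_cursor names it


@dataclass
class Violation:
    surface: str
    buffer: str
    width: int
    height: int
    scale: int
    role: Optional[str]  # None means the surface had no role when it was committed


def parse_call(line: str):
    """Return (object_id, method, [args]) for one trace line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    iface, oid, method, argstr = m.groups()
    args = [a.strip() for a in argstr.split(",")] if argstr.strip() else []
    return f"{iface}@{oid}", method, args


def check_trace(lines):
    """Replay the trace and collect commits that would fail the scale check."""
    buffers = {}    # wl_buffer id -> (width, height)
    surfaces = {}   # wl_surface id -> Surface
    violations = []
    for line in lines:
        parsed = parse_call(line)
        if parsed is None:
            continue
        obj, method, args = parsed
        if method == "create_buffer":
            # wl_shm_pool.create_buffer(new id wl_buffer@N, offset, width, height, stride, format)
            buf_id = args[0].split()[-1]
            buffers[buf_id] = (int(args[2]), int(args[3]))
        elif obj.startswith("wl_surface@"):
            s = surfaces.setdefault(obj, Surface())
            if method == "set_buffer_scale":
                s.scale = int(args[0])
            elif method == "attach":
                s.pending_buffer = args[0]
            elif method == "commit" and s.pending_buffer in buffers:
                w, h = buffers[s.pending_buffer]
                # The compositor's rule: both dimensions must divide evenly by the scale.
                if w % s.scale or h % s.scale:
                    violations.append(Violation(obj, s.pending_buffer, w, h, s.scale, s.role))
        elif method == "set_cursor":
            # wl_pointer.set_cursor(serial, surface, hotspot_x, hotspot_y) assigns the cursor role.
            surfaces.setdefault(args[1], Surface()).role = "cursor"
    return violations


def describe(v: Violation) -> str:
    role = v.role if v.role else "no role yet"
    return (f"{v.surface} committed {v.buffer} ({v.width}x{v.height}) with "
            f"buffer_scale {v.scale}; surface had {role} at commit time")


if __name__ == "__main__":
    for v in check_trace(TRACE.splitlines()):
        print(describe(v))
```

Running it over the report's trace prints a single finding for wl_surface@30: a 64x64 buffer at scale 3, committed before set_cursor gave the surface its role, which is exactly the ordering the new check rejects. Changing the scale to 2 in the trace produces no finding, matching the observation that the crash only appears above 200% scaling.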