Try to guard certain wayland message size limit.

Wayland has a 4096 message size limit internally. For message that
carries string, it can be arbitrarily long and causing issues. The two
most relevant ones are preedit string and commit string.

For preedit_string, there isn't much we can do, so we simply prevent
such message from being sent.

For commit_string, it can be sliced into smaller 4k pieces to send them
one by one.

Fix #1386

Author: wengxt

src/frontend/waylandim/waylandimserver.cpp

@@ -630,8 +630,16 @@ void WaylandIMInputContextV1::updatePreeditDelegate(InputContext *ic) const {
             index += preedit.stringAt(i).size();
         }
     }
-    ic_->preeditString(serial_, preedit.toString().c_str(),
-                       preedit.toStringForCommit().c_str());
+    const std::string preeditString = preedit.toString();
+    const std::string preeditCommitString = preedit.toStringForCommit();
+    // Avoid hitting wayland message limit.
+    if (preeditString.size() + preeditCommitString.size() >=
+        WaylandIMServerBase::safeStringLimit) {
+        return;
+    }
+
+    ic_->preeditString(serial_, preeditString.c_str(),
+                       preeditCommitString.c_str());
 }
 
 void WaylandIMInputContextV1::deleteSurroundingTextDelegate(

src/frontend/waylandim/waylandimserver.h

@@ -93,7 +93,9 @@ class WaylandIMInputContextV1 : public VirtualInputContextGlue {
         if (!ic_) {
             return;
         }
-        ic_->commitString(serial_, text.c_str());
+
+        WaylandIMServerBase::commitStringWrapper(
+            text, [this](const char *str) { ic_->commitString(serial_, str); });
     }
     void deleteSurroundingTextDelegate(InputContext *ic, int offset,
                                        unsigned int size) const override;

src/frontend/waylandim/waylandimserverbase.h

@@ -7,6 +7,8 @@
 #ifndef _FCITX5_FRONTEND_WAYLANDIM_WAYLANDIMSERVERBASE_H_
 #define _FCITX5_FRONTEND_WAYLANDIM_WAYLANDIMSERVERBASE_H_
 
+#include <cassert>
+#include <cstddef>
 #include <cstdint>
 #include <memory>
 #include <optional>
@@ -16,6 +18,7 @@
 #include <xkbcommon/xkbcommon.h>
 #include "fcitx-utils/key.h"
 #include "fcitx-utils/misc.h"
+#include "fcitx-utils/utf8.h"
 #include "fcitx/focusgroup.h"
 #include "display.h"
 #include "waylandim.h"
@@ -42,6 +45,20 @@ class WaylandIMServerBase {
         const std::shared_ptr<wayland::WlSeat> &seat,
         const std::optional<std::tuple<int32_t, int32_t>> &defaultValue) const;
 
+    template <typename Callback>
+    static void commitStringWrapper(const std::string &text,
+                                    const Callback &callback) {
+        if (text.size() < safeStringLimit) {
+            callback(text.data());
+            return;
+        }
+        commitStringWrapperImpl(text, callback);
+    }
+
+    // zwp_input_method_v2 mentioned that commit string should be less than 4000
+    // bytes, use this number of avoid hit 4096 wayland message size limit.
+    static constexpr size_t safeStringLimit = 4000;
+
 protected:
     FocusGroup *group_;
     std::string name_;
@@ -55,6 +72,40 @@ class WaylandIMServerBase {
     KeyStates modifiers_;
 
 private:
+    template <typename Callback>
+    static void commitStringWrapperImpl(std::string text,
+                                        const Callback &callback) {
+        char *start = text.data();
+        char *end = text.data() + text.length();
+
+        while (start < end) {
+            char *current = start;
+
+            while (current < end) {
+                uint32_t c;
+                char *newCurrent = utf8::getNextChar(current, end, &c);
+                if (!utf8::isValidChar(c)) {
+                    return;
+                }
+                if (newCurrent > start + safeStringLimit) {
+                    break;
+                }
+                assert(current < newCurrent);
+                current = newCurrent;
+            }
+            assert(current <= end);
+            assert(start < current);
+            // Set *current to \0, so [start, current) will become a nul
+            // terminate string.
+            const char pivot = *current;
+            *current = '\0';
+            callback(start);
+            // Restore after we use it.
+            *current = pivot;
+            start = current;
+        }
+    }
+
     std::optional<std::tuple<int32_t, int32_t>> repeatInfo(
         const std::shared_ptr<wayland::WlSeat> &seat,
         const std::optional<std::tuple<int32_t, int32_t>> &defaultValue) const;

src/frontend/waylandim/waylandimserverv2.cpp

@@ -664,7 +664,9 @@ void WaylandIMInputContextV2::updatePreeditDelegate(InputContext *ic) const {
         }
     }
 
-    if (preedit.textLength()) {
+    // Validate not empty and within wayland limit.
+    if (preedit.textLength() > 0 &&
+        preedit.textLength() < WaylandIMServerBase::safeStringLimit) {
         if (cursorStart < 0) {
             cursorStart = cursorEnd = preedit.textLength();
         }

src/frontend/waylandim/waylandimserverv2.h

@@ -103,8 +103,11 @@ class WaylandIMInputContextV2 : public VirtualInputContextGlue {
         if (!ic_) {
             return;
         }
-        ic_->commitString(text.c_str());
-        ic_->commit(serial_);
+
+        WaylandIMServerBase::commitStringWrapper(text, [this](const char *str) {
+            ic_->commitString(str);
+            ic_->commit(serial_);
+        });
     }
     void deleteSurroundingTextDelegate(InputContext *ic, int offset,
                                        unsigned int size) const override;