Background: The Problem
After the New Year, I switched from GNOME (Fedora Workstation) to KDE and discovered that maliit-keyboard (the virtual keyboard/on-screen keyboard) was crashing repeatedly. The crashes occurred even without using a touchscreen, and each crash generated a report in ABRT (Fedora's problem reporting system), flooding my notifications with crash reports.
Uninstalling wasn't an option — it would remove SDDM and other important KDE packages along with it.
Searching through Red Hat/Fedora's bugzilla, I found many existing reports linking to GitHub issue #256, #262, and #190, but no responses from the maliit-keyboard maintainers. The version used by Fedora (2.3.1) was released in 2022, and the latest GitHub commit was from 2024 (current time at writing: 2026). This classifies as abandonware.
Note: KDE plans to replace maliit-keyboard with plasma-keyboard, but the timeline is uncertain.
My AI-Assisted Bug Fix Process
I used AI to help fix the bug with the following workflow:
- AI analyzes the existing code
- AI summarizes its understanding
- I verify or correct that understanding
- I define the requirements or describe the bug
- AI implements the solution
- Another AI (Gemini) reviews the changes (iterated several times)
- I make the final decision
This is not "Vibe Coding" — this is a rigorous, verified process where I remain in control at every step.
Technical Details
Root Cause: maliit-keyboard received massive amounts of surrounding_text without proper protection, causing buffer overflow and subsequently segmentation fault.
Solution: Implemented best practice by limiting data processing to 1 MB (more than sufficient for plain text).
Example of The Code Changes
Text Header Modification (src/lib/models/text.h)
diff --git a/src/lib/models/text.h b/src/lib/models/text.h
index 635c98b7..85a000c6 100644
--- a/src/lib/models/text.h
+++ b/src/lib/models/text.h
@@ -35,6 +35,8 @@
#include <QtCore>
namespace MaliitKeyboard {
+constexpr int MAX_SURROUNDING_TEXT_LENGTH = 1024 * 1024; // 1MB in characters
+
namespace Model {
class Text
InputMethod Protection (src/plugin/inputmethod.cpp)
diff --git a/src/plugin/inputmethod.cpp b/src/plugin/inputmethod.cpp
index 23cacca6..cb0ac6c6 100644
--- a/src/plugin/inputmethod.cpp
+++ b/src/plugin/inputmethod.cpp
@@ -453,6 +453,15 @@ void InputMethod::update()
int position;
bool ok = d->host->surroundingText(text, position);
if (ok) {
+ // Validate the surrounding text length to prevent buffer overflows
+ if (text.length() > ::MaliitKeyboard::MAX_SURROUNDING_TEXT_LENGTH) {
+ qWarning() << "Surrounding text too long, truncating from" << text.length() << "to" << ::MaliitKeyboard::MAX_SURROUNDING_TEXT_LENGTH;
+ text = text.left(::MaliitKeyboard::MAX_SURROUNDING_TEXT_LENGTH);
+ // Adjust position if it's beyond the new text length
+ if (position > text.length()) {
+ position = text.length();
+ }
+ }
d->editor.text()->setSurrounding(text);
d->editor.text()->setSurroundingOffset(position);
The Pull Request Rejection
After testing the fix for several weeks with zero crashes, I submitted a PR#263 to the upstream repository. The response was:
dobey commented 3 days ago:
Co-authored-by: Qwen-Coder [email protected]
Absolutely not. LLMs have no context and do not understand how anything works and are not welcome here.
dobey closed this 3 days ago
The PR was rejected immediately upon seeing AI assistance, without any code review.
Fork Project: maliit-keyboard-robust
Since upstream rejected the contribution, I:
- Renamed the forked repo to maliit-keyboard-robust
- Fixed additional bugs reported in upstream issues
- Improved buffer overflow protection
- Added unit tests for
surrounding_textexceeding 1 MB - Created a COPR repository for Fedora users
Installation Instructions
$ sudo dnf copr enable cwt/maliit-keyboard-robust
$ sudo dnf install maliit-keyboard-robust --allowerasing
Note: The --allowerasing flag is required because this package replaces the original but provides the same package name in the SPEC file, preventing removal of SDDM and other KDE packages.
COPR Repository: cwt/maliit-keyboard-robust
Conclusion
My Observations:
- AI-assisted coding is not "Vibe Coding" — This was a rigorous, verified process with human oversight at every step
- Upstream maintainer bias — The rejection was based solely on AI involvement without reviewing the actual code quality
- Open Source contribution barriers — Despite working fixes, ideological opposition blocks contributions
My Recommendation:
Fedora users experiencing maliit-keyboard crashes can use the maliit-keyboard-robust COPR repository if they're comfortable with AI-assisted code. The fix has been tested for several weeks with zero crashes.
Final Thought:
The irony here is thick: rejecting code via automatic if-then-else logic upon detecting AI involvement raises the question of who is actually acting like a bot?
Repository
GitHub: cwt/maliit-keyboard-robust