Fix memory allocation in PSOperator and Type1FontProgram

[MaximPlusov]

Summary by CodeRabbit

• Bug Fixes
  • Enhanced PostScript operation validation with configurable size limits for arrays and iteration boundaries to improve handling of edge cases and malformed PDFs that could cause processing errors.
  • Added recursion depth limits to PostScript font program processing to prevent excessive resource consumption and improve application stability during complex PDF parsing operations.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds three resource-consumption safety limits to PostScript processing: MAX_PS_ARRAY_SIZE and MAX_PS_FOR_ITERATIONS constants in PSOperator enforce bounds on array creation and loop iteration counts; MAX_TO_EXECUTE_DEPTH in Type1FontProgram caps recursion depth during PostScript font program execution. All three additions include runtime validation that throws PostScriptException on violation.

Changes

PostScript Resource Safety Limits

Layer / File(s)	Summary
Array size validation in PostScript array operator src/main/java/org/verapdf/parser/postscript/PSOperator.java	Defines MAX_PS_ARRAY_SIZE constant and adds validation to the array() operator to reject array creation requests exceeding the limit, throwing PostScriptException on violation.
Iteration count limits in PostScript for operator src/main/java/org/verapdf/parser/postscript/PSOperator.java	Converts for-loop parameters to long values, validates increment and initial/limit relationships, computes iteration count, and enforces MAX_PS_FOR_ITERATIONS upper bound with direction-aware loop logic.
Recursion depth protection in Type1 font PostScript execution src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java	Defines MAX_TO_EXECUTE_DEPTH constant and refactors toExecute() into an overload that threads a depth counter through recursive dictionary lookups, throwing PostScriptException when recursion exceeds the limit.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 With arrays bounded and loops constrained,
Recursion capped so chaos won't reign,
PostScript now safer, from overflow freed,
Three safety nets planted where limits are needed! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title mentions 'memory allocation' but the changes focus on adding safety limits and recursion depth checks, which are resource consumption controls rather than memory allocation fixes.	Consider revising the title to more accurately reflect the actual changes, such as 'Add safety limits for PostScript operations in PSOperator and Type1FontProgram' or 'Enforce recursion and iteration limits in PostScript processing'.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch type1_font

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main/java/org/verapdf/parser/postscript/PSOperator.java`:
- Around line 588-590: In PSOperator (the block checking increment/initial/limit
where it currently does "if (increment == 0 || (increment > 0 && initial >
limit) || (increment < 0 && initial < limit)) { throw new
PostScriptException(...); }"), change the behavior so only a zero increment
throws PostScriptException; remove the throw for direction-mismatch cases and
instead treat them as no-op loops by returning zero iterations (or setting the
loop count/iterator to 0) when (increment > 0 && initial > limit) or (increment
< 0 && initial < limit); keep the check and throw for increment == 0, and ensure
you return the appropriate zero-iteration value from the surrounding method so
callers handle the no-op correctly.
- Around line 540-543: The code narrows the value from
getTopNumber().getInteger() to an int (arraySize) before checking range,
allowing very large integers to wrap; change the validation to check the
BigInteger/long magnitude against MAX_PS_ARRAY_SIZE and non-negativity before
converting to int (i.e., obtain the BigInteger/Number from
getTopNumber().getInteger(), compare it to BigInteger.valueOf(MAX_PS_ARRAY_SIZE)
and zero, and only then call intValueExact()/intValue() to assign to arraySize
or throw PostScriptException if out of range), updating any surrounding logic in
the method in PSOperator where arraySize is used.

In `@src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java`:
- Around line 195-196: In Type1FontProgram change the recursion guard so it
throws when depth is greater than or equal to the limit: replace the current
condition using depth and MAX_TO_EXECUTE_DEPTH (currently "depth >
MAX_TO_EXECUTE_DEPTH") with a check that fails on equality as well (e.g., "depth
>= MAX_TO_EXECUTE_DEPTH") so the PostScriptException in the toExecute recursion
path is raised at the intended maximum; update the clause that throws
PostScriptException("Type 1 font program exceeded toExecute recursion depth")
accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3e51e25a-5fff-46b0-a002-e29c819ca54f

📥 Commits

Reviewing files that changed from the base of the PR and between 5164caf and e4c42c0.

📒 Files selected for processing (2)

• src/main/java/org/verapdf/parser/postscript/PSOperator.java
• src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Validate array size before narrowing to int.

Line 540 narrows to int before range validation, so oversized integers can wrap and evade the intended guard.

Proposed fix

-            int arraySize = getTopNumber().getInteger().intValue();
-            if (arraySize < 0 || arraySize > MAX_PS_ARRAY_SIZE) {
-                throw new PostScriptException("Array size " + arraySize + " is out of range");
+            long requestedSize = getTopNumber().getInteger();
+            if (requestedSize < 0 || requestedSize > MAX_PS_ARRAY_SIZE) {
+                throw new PostScriptException("Array size " + requestedSize + " is out of range");
             }
+            int arraySize = Math.toIntExact(requestedSize);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	int arraySize = getTopNumber().getInteger().intValue();
	if (arraySize < 0 || arraySize > MAX_PS_ARRAY_SIZE) {
	throw new PostScriptException("Array size " + arraySize + " is out of range");
	}
	long requestedSize = getTopNumber().getInteger();
	if (requestedSize < 0 || requestedSize > MAX_PS_ARRAY_SIZE) {
	throw new PostScriptException("Array size " + requestedSize + " is out of range");
	}
	int arraySize = Math.toIntExact(requestedSize);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/java/org/verapdf/parser/postscript/PSOperator.java` around lines 540
- 543, The code narrows the value from getTopNumber().getInteger() to an int
(arraySize) before checking range, allowing very large integers to wrap; change
the validation to check the BigInteger/long magnitude against MAX_PS_ARRAY_SIZE
and non-negativity before converting to int (i.e., obtain the BigInteger/Number
from getTopNumber().getInteger(), compare it to
BigInteger.valueOf(MAX_PS_ARRAY_SIZE) and zero, and only then call
intValueExact()/intValue() to assign to arraySize or throw PostScriptException
if out of range), updating any surrounding logic in the method in PSOperator
where arraySize is used.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don’t throw on non-entering for loops; return zero iterations instead.

The direction-mismatch cases should be valid no-op loops, not PostScriptException. Throwing here breaks expected for semantics.

Proposed fix

-            if (increment == 0 || (increment > 0 && initial > limit) || (increment < 0 && initial < limit)) {
+            if (increment == 0) {
                 throw new PostScriptException("Wrong increment value " + increment);
             }
+            if ((increment > 0 && initial > limit) || (increment < 0 && initial < limit)) {
+                return;
+            }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (increment == 0 || (increment > 0 && initial > limit) || (increment < 0 && initial < limit)) {
	throw new PostScriptException("Wrong increment value " + increment);
	}
	if (increment == 0) {
	throw new PostScriptException("Wrong increment value " + increment);
	}
	if ((increment > 0 && initial > limit) || (increment < 0 && initial < limit)) {
	return;
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/java/org/verapdf/parser/postscript/PSOperator.java` around lines 588
- 590, In PSOperator (the block checking increment/initial/limit where it
currently does "if (increment == 0 || (increment > 0 && initial > limit) ||
(increment < 0 && initial < limit)) { throw new PostScriptException(...); }"),
change the behavior so only a zero increment throws PostScriptException; remove
the throw for direction-mismatch cases and instead treat them as no-op loops by
returning zero iterations (or setting the loop count/iterator to 0) when
(increment > 0 && initial > limit) or (increment < 0 && initial < limit); keep
the check and throw for increment == 0, and ensure you return the appropriate
zero-iteration value from the surrounding method so callers handle the no-op
correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix off-by-one in recursion depth guard.

depth > MAX_TO_EXECUTE_DEPTH permits one extra recursive level beyond the stated max. If the cap is intended to be 64, this should fail on equality too.

Suggested patch

-        if (depth > MAX_TO_EXECUTE_DEPTH) {
+        if (depth >= MAX_TO_EXECUTE_DEPTH) {
             throw new PostScriptException("Type 1 font program exceeded toExecute recursion depth");
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (depth > MAX_TO_EXECUTE_DEPTH) {
	throw new PostScriptException("Type 1 font program exceeded toExecute recursion depth");
	if (depth >= MAX_TO_EXECUTE_DEPTH) {
	throw new PostScriptException("Type 1 font program exceeded toExecute recursion depth");
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java` around lines
195 - 196, In Type1FontProgram change the recursion guard so it throws when
depth is greater than or equal to the limit: replace the current condition using
depth and MAX_TO_EXECUTE_DEPTH (currently "depth > MAX_TO_EXECUTE_DEPTH") with a
check that fails on equality as well (e.g., "depth >= MAX_TO_EXECUTE_DEPTH") so
the PostScriptException in the toExecute recursion path is raised at the
intended maximum; update the clause that throws PostScriptException("Type 1 font
program exceeded toExecute recursion depth") accordingly.