fix: compress only len check

[ananas-block]

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Added runtime validation to prevent invalid compression indices from causing errors, improving the robustness of compression operations.

[coderabbitai]

Warning

Rate limit exceeded

@ananas-block has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 37 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

This change adds a runtime validation check in token transfer processing to ensure compression indices referenced in CompressedOnly TLVs remain within the actual count of compressions provided, preventing out-of-bounds access by returning a specific error when violated.

Changes

Cohort / File(s)	Summary
Compression Index Validation programs/compressed-token/program/src/compressed_token/transfer2/token_inputs.rs	Introduces bounds validation to verify compression_index stays within compressions_len, returning TokenError::CompressionIndexOutOfBounds if exceeded.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🔐 Bounds checked with care and precision,
No index shall roam beyond decision,
Six lines stand guard, a sentinel true,
Keeping compressions in proper queue! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding a bounds check for compression indices to ensure they don't exceed the actual number of compressions provided.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 70.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jorrit/fix-compress-only-len-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@programs/compressed-token/program/src/compressed_token/transfer2/token_inputs.rs`:
- Around line 60-65: The current check correctly guards against out-of-bounds
compression_index by computing compressions_len from inputs.compressions and
returning TokenError::CompressionIndexOutOfBounds when idx >= compressions_len;
hoist the computation of compressions_len = inputs.compressions.as_ref().map(|c|
c.len()).unwrap_or(0) out of the loop that processes TLVs (so it’s computed once
before iterating) and then use that precomputed compressions_len together with
the existing check on compression_index to maintain the defensive validation.