Prevent unbounded Split on chart number formats (use IndexOf to select signed section)

[PrzemyslawKlys]

Motivation

• Fix a regression that used string.Split(';') on attacker-controlled chart number format strings, which can allocate unbounded arrays/substrings and cause memory amplification or OOM during chart/pdf rendering.
• Preserve original behavior of selecting positive/negative/zero format sections while avoiding full-string splitting and large allocations.

Description

• Replace numberFormat.Split(';') with bounded IndexOf lookups in SelectSignedNumberFormatSection, selecting only the needed section for positive, negative, or zero values.
• Add TrimNumberFormatSection helper to trim whitespace from the selected substring without allocating intermediate splits.
• Add a regression unit test FlowDrawing_SelectsSignedNumberFormatSectionWithoutSplittingAllSeparators to OfficeIMO.Tests/Pdf/PdfDocumentChartDrawingTests.cs that verifies selection works for positive, negative, and zero with a semicolon-heavy format.

Testing

• Built the drawing library with dotnet build OfficeIMO.Drawing/OfficeIMO.Drawing.csproj --framework net8.0 which succeeded.
• Attempted to run the chart-related tests with dotnet test OfficeIMO.Tests/OfficeIMO.Tests.csproj --framework net8.0 --filter FullyQualifiedName~PdfDocumentChartDrawingTests, but the full test run was blocked by toolchain constraints: the repo includes projects targeting net10.0 and one project uses a preview language feature (null conditional assignment) that the installed SDK configuration rejected, preventing the test run from completing.
• git diff --check was run to validate whitespace and formatting; no issues were reported.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 75086225ae

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[codecov]

Codecov Report

❌ Patch coverage is 88.88889% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.33%. Comparing base (20cf306) to head (c0a3199).
⚠️ Report is 20 commits behind head on master.

Files with missing lines	Patch %	Lines
...ficeIMO.Drawing/OfficeChartDrawingRenderer.Text.cs	88.88%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1925      +/-   ##
==========================================
+ Coverage   73.29%   73.33%   +0.04%     
==========================================
  Files        2256     2521     +265     
  Lines      262814   283196   +20382     
  Branches    56792    60589    +3797     
==========================================
+ Hits       192633   207689   +15056     
- Misses      44317    47871    +3554     
- Partials    25864    27636    +1772     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.