CVE-2024-24786: Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

The vulnerability CVE-2024-24786 describes an infinite loop in protojson.Unmarshal. The provided commit f01a588e5810b90996452eec4a28f22a0afae023 addresses this.

1. protojson.Unmarshal is identified as the primary affected function based on the vulnerability description. The loop occurs within its execution.
2. The patch modifies encoding/protojson.(*decoder).skipJSONValue by adding a check for json.EOF with a comment explicitly stating it's to 'Avoid an infinite loop'. This indicates skipJSONValue was directly involved in the loop.
3. The patch also modifies internal/encoding/json.(*Decoder).Read to correctly handle malformed JSON object closing tokens. The commit message explains this change fixes error handling for inputs like {"":}. Incorrect parsing by Read could lead to the conditions causing the infinite loop in higher-level functions like skipJSONValue or within the broader Unmarshal logic. Therefore, Unmarshal is the entry point, and the loop was caused by issues in its dependent functions skipJSONValue and Decoder.Read when processing specific invalid JSON inputs.