Infinite loop in PackedInputStream when underlying input stream is smaller than expected

[scacaca]

Summary:

An infinite loop may occur in PackedInputStream when the underlying input stream (e.g., ArrayInputStream) provides fewer bytes than expected by the reader. This can lead to unresponsive behavior or potential denial of service. there is a similar problem the revelent codes are in file1 and file2

Description:

In the current D implementation of Cap’n Proto, PackedInputStream assumes that the wrapped input stream always provides enough data to fulfill read requests. However, if the underlying stream (e.g., an implementation of BufferedInputStream or ArrayInputStream) does not provide sufficient bytes (e.g., due to truncation or partial network read), the loop inside the decompression logic will continue indefinitely.

Impact:

Infinite loop → Denial of Service (DoS) vulnerability.

Fix:

there is a similar fix logic