Merge pull request from GHSA-3qm5-5hmp-8c6w

* Limit the size of the content type definition in OOXML

* Improve naming in OOXML tests

* Check OOXML error type in tests

docx.go

@@ -119,7 +119,7 @@ func getContentTypeDefinition(zf *zip.File) (*contentTypeDefinition, error) {
 	defer f.Close()
 
 	x := &contentTypeDefinition{}
-	if err := xml.NewDecoder(f).Decode(x); err != nil {
+	if err := xml.NewDecoder(io.LimitReader(f, maxBytes)).Decode(x); err != nil {
 		return nil, err
 	}
 	return x, nil

docx_test/docx_test.go

@@ -1,6 +1,7 @@
 package docx_test
 
 import (
+	"encoding/xml"
 	"os"
 	"strings"
 	"testing"
@@ -50,3 +51,18 @@ func TestConvertDocxWithUncommonValidStructure(t *testing.T) {
 		t.Errorf("expected %v to contains %v", resp, want)
 	}
 }
+
+
+func TestConvertDocxDecompressionSizeLimit(t *testing.T) {
+	f, err := os.Open("./testdata/decompression_size_limit.docx")
+	if err != nil {
+		t.Fatalf("got error = %v, want nil", err)
+	}
+	_, _, err = docconv.ConvertDocx(f)
+        if _, ok := err.(*xml.SyntaxError); !ok {
+                t.Errorf("got error = %T, want *xml.SyntaxError", err)
+        }
+        if want := "EOF"; !strings.Contains(err.Error(), want) {
+                t.Errorf("got error = %v, want %v", err, want)
+        }
+}

pptx_test/pptx_test.go

@@ -1,6 +1,7 @@
 package docx_test
 
 import (
+	"encoding/xml"
 	"os"
 	"strings"
 	"testing"
@@ -30,3 +31,17 @@ func TestConvertPptx(t *testing.T) {
 		t.Errorf("expected %v to contain %v", resp, want)
 	}
 }
+
+func TestConvertPptxDecompressionSizeLimit(t *testing.T) {
+        f, err := os.Open("./testdata/decompression_size_limit.pptx")
+        if err != nil {
+                t.Fatalf("got error = %v, want nil", err)
+        }
+        _, _, err = docconv.ConvertPptx(f)
+	if _, ok := err.(*xml.SyntaxError); !ok {
+		t.Errorf("got error = %T, want *xml.SyntaxError", err)
+	}
+        if want := "EOF"; !strings.Contains(err.Error(), want) {
+                t.Errorf("got error = %v, want %v", err, want)
+        }
+}