Assorted unit test Coverity fixes

Coverity-344508: Fix out-of-bound read in check_str test.
The len argument cannot be longer than the size of the source buffer.
The original test was attempting to test an append failure.
The updated test checks for correct behavior with two consecutive
appends.

Also added function comments to document correct use of textbuffer
functions.

Coverity-344493: Fix out-of-bounds read in check_jsnorm test.
The buffers passed to tokenizer_test must be NULL-terminated.

libclamav/jsparse/textbuf.h

@@ -27,6 +27,18 @@ struct text_buffer {
     size_t capacity;
 };
 
+/**
+ * @brief If the provided text_buffer capacity is smaller than the requested len,
+ * then resize the text_buffer to be at least `len` bytes in size.
+ *
+ * Note: If a resize is required, it will allocate an additional 4096 bytes, minimum.
+ *
+ * Safety: Will NOT free the text_buffer data if the realloc fails!
+ *
+ * @param txtbuf
+ * @param len
+ * @return int
+ */
 static inline int textbuffer_ensure_capacity(struct text_buffer *txtbuf, size_t len)
 {
     if (txtbuf->pos + len > txtbuf->capacity) {
@@ -41,6 +53,16 @@ static inline int textbuffer_ensure_capacity(struct text_buffer *txtbuf, size_t
     return 0;
 }
 
+/**
+ * @brief Append bytes from source `s` to the data in text_buffer `txtbuf`. Reallocate to a larger buf as needed.
+ *
+ * Safety: `s` must be at least `len` bytes in length.
+ *
+ * @param txtbuf    The destination text_buffer.
+ * @param s         Pointer to the source data.
+ * @param len       The number of bytes to copy from `s` to append to `txtbuf`
+ * @return int      0 on success. -1 on failure
+ */
 static inline int textbuffer_append_len(struct text_buffer *txtbuf, const char *s, size_t len)
 {
     if (textbuffer_ensure_capacity(txtbuf, len) == -1)
@@ -50,12 +72,26 @@ static inline int textbuffer_append_len(struct text_buffer *txtbuf, const char *
     return 0;
 }
 
+/**
+ * @brief A wrapper around textbuffer_append_len() for source buffers that are NULL-terminated strings.
+ *
+ * @param txtbuf    The destination text_buffer.
+ * @param s         Pointer to the source data.
+ * @return int      0 on success. -1 on failure
+ */
 static inline int textbuffer_append(struct text_buffer *txtbuf, const char *s)
 {
     size_t len = strlen(s);
     return textbuffer_append_len(txtbuf, s, len);
 }
 
+/**
+ * @brief Append a single cahracter from source `c` to the data in text_buffer `txtbuf`. Reallocate to a larger buf as needed.
+ *
+ * @param txtbuf    The destination text_buffer.
+ * @param c         Pointer to the source data.
+ * @return int      0 on success. -1 on failure
+ */
 static inline int textbuffer_putc(struct text_buffer *txtbuf, const char c)
 {
     if (textbuffer_ensure_capacity(txtbuf, 1) == -1)

unit_tests/check_jsnorm.c

@@ -398,18 +398,22 @@ START_TEST(js_buffer)
     const char s_exp[] = "<script>";
     const char e_exp[] = "</script>";
     char *tst          = malloc(len);
-    char *exp          = malloc(len + sizeof(s_exp) + sizeof(e_exp) - 2);
+
+    const size_t explen = len + sizeof(s_exp) + sizeof(e_exp) - 2;
+    char *exp           = malloc(len + sizeof(s_exp) + sizeof(e_exp) - 2);
 
     ck_assert_msg(!!tst, "malloc");
     ck_assert_msg(!!exp, "malloc");
 
-    memset(tst, 'a', len);
+    memset(tst, 'a', len - 1);
     strncpy(tst, s, strlen(s));
     strncpy(tst + len - sizeof(e), e, sizeof(e));
+    tst[len - 1] = '\0';
 
     strncpy(exp, s_exp, len);
     strncpy(exp + sizeof(s_exp) - 1, tst, len - 1);
     strncpy(exp + sizeof(s_exp) + len - 2, e_exp, sizeof(e_exp));
+    exp[explen - 1] = '\0';
 
     tokenizer_test(tst, exp, 1);
     free(exp);

unit_tests/check_str.c

@@ -117,8 +117,8 @@ START_TEST(test_append_len)
     ck_assert_msg(textbuffer_append_len(&buf, "test", 3) != -1, "tbuf append");
     ck_assert_msg(buf.data && !strncmp(buf.data, "tes", 3), "textbuffer_append_len");
     errmsg_expected();
-    ck_assert_msg(textbuffer_append_len(&buf, "test", CLI_MAX_ALLOCATION) == -1, "tbuf append");
-    ck_assert_msg(buf.data && !strncmp(buf.data, "tes", 3), "textbuffer_append_len");
+    ck_assert_msg(textbuffer_append_len(&buf, "TEST", 4) != -1, "tbuf append");
+    ck_assert_msg(buf.data && !strncmp(buf.data, "tesTEST", 4), "textbuffer_append_len");
 }
 END_TEST