Enhance cpp/overflow-calculated - detect out-of-bounds write caused by passing the buffer size in bytes (using sizeof) instead of the number of elements to wcsftime, allowing the function to overrun the allocated buffer.

[felickz]

This pull request improves the detection of buffer overflow issues in the OverflowCalculated.ql query.

Improvements to buffer overflow detection:

• Enhanced query description: The description of the query has been updated to include scenarios involving incorrect size calculations for wide character functions, improving clarity and scope. Additionally, the precision level was set to "medium" to better reflect the query's behavior. (cpp/ql/src/Critical/OverflowCalculated.ql, cpp/ql/src/Critical/OverflowCalculated.qlL2-R5)

• New predicate for wide character size issues: Added the wideCharSizeofProblem predicate to detect cases where the sizeof operator is incorrectly used with wcsftime, leading to potential buffer overflows. The predicate checks for miscalculations in the count parameter by ensuring that the size is expressed in terms of wchar_t elements rather than bytes. (cpp/ql/src/Critical/OverflowCalculated.ql, cpp/ql/src/Critical/OverflowCalculated.qlR44-R64)

• Updated query logic: Modified the where clause in the query to include the new wideCharSizeofProblem predicate, enabling the detection of both traditional space problems and wide character size issues. (cpp/ql/src/Critical/OverflowCalculated.ql, cpp/ql/src/Critical/OverflowCalculated.qlR44-R64)

[felickz]

This query did exist previously but did not have any precision so it was not included in any suite.

Also enhanced the query to find additional scenarios - what would be best category?

[felickz]

This will add to security-extended suite. Review findings in DCA to ensure FP rate is low. FN's have not been evaluated by me - only added coverage for the above scenario only.

[felickz]

Hand rolled this, security-and-quality, and not_included_in