C++: Test for FP introduced by relOp changes

cpp/ql/test/query-tests/Likely Bugs/Format/SnprintfOverflow/SnprintfOverflow.expected

@@ -2,3 +2,4 @@
 | test.cpp:62:12:62:19 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:62:26:62:34 | remaining | size argument |
 | test.cpp:76:10:76:17 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:76:24:76:32 | ... - ... | size argument |
 | test.cpp:100:10:100:19 | call to snprintf_s | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:100:35:100:54 | ... - ... | size argument |
+| test.cpp:109:15:109:22 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:109:29:109:35 | buf_len | size argument |

cpp/ql/test/query-tests/Likely Bugs/Format/SnprintfOverflow/test.cpp

@@ -103,3 +103,15 @@ void test7(const char *strings) // separated by \0, terminated by \0\0
 		strings += strlen(strings) + 1;
 	}
 }
+
+void concat_strings(char *buf, size_t buf_len, const char **strings, size_t n_strings) {
+  while (n_strings > 0) {
+    int ret = snprintf(buf, buf_len, "%s", *strings); // GOOD [FALSE POSITIVE]
+    if (ret > buf_len)
+      return;
+    buf_len -= ret;
+    buf += ret;
+    n_strings--;
+    strings++;
+  }
+}