CVE-2015-1472: wscanf allocates too little memory

BZ #16618

Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer.  The
implementation now correctly computes the required buffer size when
using malloc.

A regression test was added to tst-sscanf.