From 36f9dc11c4d9001d8e2f079f202c30012c02f7dd Mon Sep 17 00:00:00 2001
From: Project Nayuki <me@nayuki.io>
Date: Fri, 21 Apr 2017 15:49:16 +0000
Subject: [PATCH] Fixed more integer overflow checks in C++ code to be stricter
 (related to commit 873652a82f21).

---
 cpp/QrSegment.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cpp/QrSegment.cpp b/cpp/QrSegment.cpp
index bf85ae3..d021dfc 100644
--- a/cpp/QrSegment.cpp
+++ b/cpp/QrSegment.cpp
@@ -54,7 +54,9 @@ const QrSegment::Mode QrSegment::Mode::KANJI       (0x8,  8, 10, 12);
 
 
 QrSegment QrSegment::makeBytes(const std::vector<uint8_t> &data) {
-	return QrSegment(Mode::BYTE, data.size(), data, data.size() * 8);
+	if (data.size() >= (unsigned int)INT_MAX / 8)
+		throw "Buffer too long";
+	return QrSegment(Mode::BYTE, (int)data.size(), data, (int)data.size() * 8);
 }
 
 
@@ -140,7 +142,7 @@ int QrSegment::getTotalBits(const std::vector<QrSegment> &segs, int version) {
 		const QrSegment &seg(segs.at(i));
 		int ccbits = seg.mode.numCharCountBits(version);
 		// Fail if segment length value doesn't fit in the length field's bit-width
-		if (seg.numChars >= (1 << ccbits))
+		if ((unsigned int)seg.numChars >= (1U << ccbits) || seg.bitLength > INT16_MAX)
 			return -1;
 		long temp = (long)result + 4 + ccbits + seg.bitLength;
 		if (temp > INT_MAX)