From 961ec66ee5e1c6b9464428aeac4af4d6d010eec7 Mon Sep 17 00:00:00 2001
From: Jesse Vincent
Date: Mon, 4 Mar 2024 21:01:55 -0800
Subject: [PATCH] It was possible to overflow the dynamic macro list if the dynamicmacros data structure was zeroed out.
---
 .../src/kaleidoscope/plugin/DynamicMacros.cpp | 2 +-
 .../src/kaleidoscope/plugin/DynamicMacros.h | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.cpp b/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.cpp
index c4277ef7b8..31f27ea0a2 100644
--- a/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.cpp
+++ b/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.cpp
@@ -41,7 +41,7 @@ uint8_t DynamicMacros::updateDynamicMacroCache() {
 map_[0] = 0;
- while (pos < storage_base_ + storage_size_) {
+ while (pos < storage_base_ + storage_size_ && current_id < MAX_MACRO_COUNT_) {
 macro = Runtime.storage().read(pos++);
 switch (macro) {
 case MACRO_ACTION_STEP_EXPLICIT_REPORT:
diff --git a/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.h b/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.h
index 3cac7b453f..2bf8917168 100644
--- a/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.h
+++ b/plugins/Kaleidoscope-DynamicMacros/src/kaleidoscope/plugin/DynamicMacros.h
@@ -48,9 +48,10 @@ class DynamicMacros : public kaleidoscope::Plugin {
 void play(uint8_t seq_id);
 private:
+ static const uint8_t MAX_MACRO_COUNT_ = 32;
 uint16_t storage_base_;
 uint16_t storage_size_;
- uint16_t map_[32];
+ uint16_t map_[MAX_MACRO_COUNT_];
 uint8_t macro_count_;
 uint8_t updateDynamicMacroCache();
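Review bot: The added guard `current_id < MAX_MACRO_COUNT_` in the `while` condition of updateDynamicMacroCache() (DynamicMacros.cpp) may still leave an off-by-one, because it admits an iteration with `current_id == MAX_MACRO_COUNT_ - 1`. The store into `map_` is outside this hunk, but `map_[0] = 0;` before the loop suggests later entries are written at the next index; if the body increments `current_id` before indexing, that iteration writes `map_[MAX_MACRO_COUNT_]`, one element past the array. If that is the case, the bound should be `current_id < MAX_MACRO_COUNT_ - 1`, or the check should sit directly at the store. A one-line comment such as `// stop before map_ is full; stored macro data is not guaranteed to be well-formed` would record why the guard exists. The function body starts and ends outside the hunk.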
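Review bot: `MAX_MACRO_COUNT_` in DynamicMacros.h is introduced without a comment, so nothing in the header says that it is both the size of `map_` and the loop bound in updateDynamicMacroCache(). Add a comment above it such as `// Capacity of map_; updateDynamicMacroCache() must never index at or past this.` and prefer `static constexpr uint8_t MAX_MACRO_COUNT_ = 32;`, which states that the value is a compile-time constant used as an array bound. The class continues outside the hunk, so whether `play(uint8_t seq_id)` checks `seq_id` against `macro_count_` before indexing `map_` cannot be seen here and is worth confirming alongside this fix.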