From f3eb6a7200fc78ba493f0d6b815bf34137b275db Mon Sep 17 00:00:00 2001
From: Gergely Nagy <algernon@keyboard.io>
Date: Wed, 3 Oct 2018 08:26:34 +0200
Subject: [PATCH] Try to avoid a possible PROGMEM overflow in getKeyOverride

If we're looking up a key from `PROGMEM`, only do that if the layer in question
is smaller than `layer_count`. Doing otherwise would read garbage from `PROGMEM`
in case we try to read from a layer higher than what we have in there. This can
happen if we have more layers in `EEPROM` than in `PROGMEM`.

Signed-off-by: Gergely Nagy <algernon@keyboard.io>
---
 src/Kaleidoscope/EEPROM-Keymap.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Kaleidoscope/EEPROM-Keymap.cpp b/src/Kaleidoscope/EEPROM-Keymap.cpp
index 0b707fe2..0be6c4f6 100644
--- a/src/Kaleidoscope/EEPROM-Keymap.cpp
+++ b/src/Kaleidoscope/EEPROM-Keymap.cpp
@@ -53,8 +53,17 @@ Key EEPROMKeymap::getKeyOverride(uint8_t layer, byte row, byte col) {
   Key key;
 
   key = getKey(layer, row, col);
-  if (key == Key_Transparent || layer >= max_layers_)
+
+  /*
+  * If we read a transparent key from EEPROM, or we're trying to read from a
+  * layer higher than what is available there (max_layers), check if we're below
+  * the layer count in PROGMEM (layer_count). If we are, read from PROGMEM,
+  * otherwise leave the key as-is (either transparent or NoKey).
+  */
+  if ((key == Key_Transparent || layer >= max_layers) &&
+      (layer < layer_count))
     key = Layer.getKeyFromPROGMEM(layer, row, col);
+
   return key;
 }