From e22bc7620cef763d9ad80e9b98182273de9973db Mon Sep 17 00:00:00 2001
From: Keeley Hoek
Date: Sun, 7 Apr 2024 07:05:51 -0400
Subject: [PATCH] fix(hid): Correct off-by-one buffer overflow with NKRO
---
 app/include/zmk/hid.h | 4 +++-
 app/src/hid.c | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/include/zmk/hid.h b/app/include/zmk/hid.h
index d1d3b7d47db..41f559b5189 100644
--- a/app/include/zmk/hid.h
+++ b/app/include/zmk/hid.h
@@ -6,6 +6,8 @@
 #pragma once
+#include
+
 #include
 #include
@@ -200,7 +202,7 @@ struct zmk_hid_keyboard_report_body {
 zmk_mod_flags_t modifiers;
 uint8_t _reserved;
 #if IS_ENABLED(CONFIG_ZMK_HID_REPORT_TYPE_NKRO)
- uint8_t keys[(ZMK_HID_KEYBOARD_NKRO_MAX_USAGE + 1) / 8];
+ uint8_t keys[DIV_ROUND_UP(ZMK_HID_KEYBOARD_NKRO_MAX_USAGE + 1, 8)];
 #elif IS_ENABLED(CONFIG_ZMK_HID_REPORT_TYPE_HKRO)
 uint8_t keys[CONFIG_ZMK_HID_KEYBOARD_REPORT_SIZE];
 #endif
diff --git a/app/src/hid.c b/app/src/hid.c
index 8b0c23f37ed..582db6763de 100644
--- a/app/src/hid.c
+++ b/app/src/hid.c
@@ -126,7 +126,7 @@ zmk_hid_boot_report_t *zmk_hid_get_boot_report(void) {
 memset(&boot_report.keys, 0, HID_BOOT_KEY_LEN);
 int ix = 0;
 uint8_t base_code = 0;
- for (int i = 0; i < (ZMK_HID_KEYBOARD_NKRO_MAX_USAGE + 1) / 8; ++i) {
+ for (int i = 0; i < sizeof(keyboard_report.body.keys); ++i) {
 if (ix == keys_held) {
 break;
 }
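Review bot: The rounded-up `keys` array in `struct zmk_hid_keyboard_report_body` makes the NKRO report body one byte longer whenever `ZMK_HID_KEYBOARD_NKRO_MAX_USAGE + 1` is not a multiple of 8, and nothing in this hunk ties that length to the HID report descriptor, which is not visible here. If the descriptor declares exactly `ZMK_HID_KEYBOARD_NKRO_MAX_USAGE + 1` one-bit fields without padding bits, host and device would disagree on the report size, so that should be confirmed alongside this change. The field also deserves a comment stating its layout, for example `/* bitmap: one bit per usage 0..ZMK_HID_KEYBOARD_NKRO_MAX_USAGE, trailing bits are padding */`, so that code indexing `keys[usage / 8]` elsewhere can be checked against it. The struct definition starts and ends outside the hunk.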
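Review bot: The new loop condition in `zmk_hid_get_boot_report` compares a signed `int i` with the `size_t` value of `sizeof`, which relies on an implicit conversion and trips `-Wsign-compare`; declare the index as `for (size_t i = 0; i < sizeof(keyboard_report.body.keys); ++i) {`. The only limit on `ix` visible in this hunk is `ix == keys_held`, and `ix` presumably indexes `boot_report.keys` further down, so that write stays in range only if `keys_held` is capped at `HID_BOOT_KEY_LEN` before the loop. That check and the rest of the loop body lie outside the hunk and should be confirmed.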