Index: firmware/App/Services/SystemCommMessages.c
===================================================================
diff -u -r335d28f954aed9522d5cc71863cd8dc253070758 -rce659127f12060b21cb725240ff9ed919ab5f94d
--- firmware/App/Services/SystemCommMessages.c	(.../SystemCommMessages.c)	(revision 335d28f954aed9522d5cc71863cd8dc253070758)
+++ firmware/App/Services/SystemCommMessages.c	(.../SystemCommMessages.c)	(revision ce659127f12060b21cb725240ff9ed919ab5f94d)
@@ -3071,16 +3071,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );
@@ -3130,16 +3133,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );
@@ -3216,16 +3222,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );