Index: firmware/App/Services/SystemCommMessages.c
===================================================================
diff -u -r5d3e28c19ae10a99a5ce1fc5c010ac944975a6a1 -r5e3a46112ebab361a33b9f7cadb619eb12b44c0f
--- firmware/App/Services/SystemCommMessages.c	(.../SystemCommMessages.c)	(revision 5d3e28c19ae10a99a5ce1fc5c010ac944975a6a1)
+++ firmware/App/Services/SystemCommMessages.c	(.../SystemCommMessages.c)	(revision 5e3a46112ebab361a33b9f7cadb619eb12b44c0f)
@@ -3071,16 +3071,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );
@@ -3130,16 +3133,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );
@@ -3216,16 +3222,19 @@
     U32 totalMessages;
     U32 payloadLength;
 
-    memcpy(&currentMessage, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+    if ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) )
+    {
+        memcpy(&currentMessage, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&totalMessages, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&totalMessages, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    memcpy(&payloadLength, payloadPtr, sizeof(U32));
-    payloadPtr += sizeof(U32);
+        memcpy(&payloadLength, payloadPtr, sizeof(U32));
+        payloadPtr += sizeof(U32);
 
-    status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+        status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr );
+    }
 
     // Respond to request
     sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );