Index: firmware/App/Services/SystemCommMessages.c =================================================================== diff -u -rd4fb7fbaefda4e6616013778edeb2cc8ebba0d1c -r8e72c6f49edd66b0eadf56e4d7aeafea58763a3f --- firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision d4fb7fbaefda4e6616013778edeb2cc8ebba0d1c) +++ firmware/App/Services/SystemCommMessages.c (.../SystemCommMessages.c) (revision 8e72c6f49edd66b0eadf56e4d7aeafea58763a3f) @@ -5770,16 +5770,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_CALIBRATION_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -5950,16 +5954,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SYSTEM_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status ); @@ -6132,16 +6140,20 @@ U32 totalMessages; U32 payloadLength; - memcpy(¤tMessage, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + if ( ( message->hdr.payloadLen >= ( sizeof(currentMessage) + sizeof(totalMessages) + sizeof(payloadLength) ) ) && + ( MODE_SERV == getCurrentOperationMode() ) ) + { + memcpy(¤tMessage, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&totalMessages, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&totalMessages, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - memcpy(&payloadLength, payloadPtr, sizeof(U32)); - payloadPtr += sizeof(U32); + memcpy(&payloadLength, payloadPtr, sizeof(U32)); + payloadPtr += sizeof(U32); - status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + status = receiveRecordFromDialin( NVDATAMGMT_SERVICE_RECORD, currentMessage, totalMessages, payloadLength, payloadPtr ); + } // Respond to request sendTestAckResponseMsg( (MSG_ID_T)message->hdr.msgID, status );