4 files changed, 40 insertions, 8 deletions

diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index defac9b57..eb1cb8743 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -196,16 +196,14 @@ namespace Bootloader{
      *     respect to the first 8 bytes).
      *
      *  @param[in] i_pHeader Void pointer to start of the container's secure
-     *      header.  Must not be nullptr or function will assert.
+     *      header.  Must not be nullptr.
      *  @param[in] i_pComponentId Reference component ID to compare to.  Must
-     *      not be nullptr or function will assert.
+     *      not be nullptr.
      */
     void verifyComponentId(
         const void* const i_pHeader,
         const char* const i_pComponentId)
     {
-        assert(i_pHeader != nullptr);
-        assert(i_pComponentId != nullptr);
 
         const auto* const pHwPrefix =
             reinterpret_cast<const ROM_prefix_header_raw* const>(
@@ -444,8 +442,6 @@ namespace Bootloader{
                                      l_errCode,
                                      l_pnorStart);
 
-        BOOTLOADER_TRACE(BTLDR_TRC_MAIN_GETHBBSECTION_RTN );
-
         if(PNOR::NO_ERROR == l_errCode)
         {
             // get hbbFlashOffset
@@ -456,11 +452,42 @@ namespace Bootloader{
             bool l_hbbEcc =
                 ( g_blData->bl_hbbSection.integrity == FFS_INTEG_ECC_PROTECT);
 
+            uint32_t workingLength= (l_hbbEcc) ?
+                (l_hbbLength * LENGTH_W_ECC)/LENGTH_WO_ECC : l_hbbLength;
+
+            // handleMMIO below always moves WORDSIZE chunks at a time, even
+            // if there is just one byte left, so subtract WORDSIZE from the
+            // limit to compensate
+            if(workingLength > (MEGABYTE-WORDSIZE))
+            {
+                BOOTLOADER_TRACE(BTLDR_TRC_BAD_WORK_LEN);
+                /*@
+                 * @errortype
+                 * @moduleid         Bootloader::MOD_BOOTLOADER_MAIN
+                 * @reasoncode       Bootloader::RC_BAD_WORK_LEN
+                 * @userdata1[0:15]  TI_WITH_SRC
+                 * @userdata1[16:31] TI_BOOTLOADER
+                 * @userdata1[32:63] Failing address = 0
+                 * @userdata2[0:31]  Length of data from TOC (bytes)
+                 * @userdata2[32:63] Working length (bytes)
+                 * @errorInfo[0:31]  Max space available (bytes)
+                 * @devdesc  Not enough memory to load boot firmware
+                 * @custdesc Failed to load boot firmware
+                 */
+                bl_terminate(
+                    MOD_BOOTLOADER_MAIN,
+                    RC_BAD_WORK_LEN,
+                    l_hbbLength,
+                    workingLength,
+                    true,
+                    0,
+                    (MEGABYTE-WORDSIZE));
+            }
+
             // Copy HB base code from PNOR to working location
             handleMMIO(l_pnorStart + l_hbbFlashOffset,
                        (l_hbbEcc) ? HBB_ECC_WORKING_ADDR : HBB_WORKING_ADDR,
-                       (l_hbbEcc) ? (l_hbbLength * LENGTH_W_ECC)/LENGTH_WO_ECC
-                                  : l_hbbLength,
+                       workingLength,
                        WORDSIZE);
             BOOTLOADER_TRACE(BTLDR_TRC_MAIN_WORKING_HANDLEMMIO_RTN);
 
diff --git a/src/build/debug/Hostboot/BlTrace.pm b/src/build/debug/Hostboot/BlTrace.pm
index cb310c403..5fd8baf18 100644
--- a/src/build/debug/Hostboot/BlTrace.pm
+++ b/src/build/debug/Hostboot/BlTrace.pm
@@ -43,6 +43,7 @@ my %traceText = (
     "19" => "Main verify skip verification - SAB unset ",
     "1A" => "Main verify component ID succeeded",
     "1B" => "Main verify component ID failed",
+    "1C" => "Main working length too big",
     "20" => "HandleMMIO started",
     "21" => "HandleMMIO started using BYTESIZE",
     "24" => "HandleMMIO started using WORDSIZE",
diff --git a/src/include/bootloader/bootloader_trace.H b/src/include/bootloader/bootloader_trace.H
index 311c34d5c..69c708ad0 100644
--- a/src/include/bootloader/bootloader_trace.H
+++ b/src/include/bootloader/bootloader_trace.H
@@ -79,6 +79,9 @@ enum BootloaderTraces
     /** Bootloader main verifyComponentId failed */
     BTLDR_TRC_COMP_ID_VERIFY_FAILED          = 0x1B,
 
+    /** Bootloader main working length too big */
+    BTLDR_TRC_BAD_WORK_LEN                   = 0x1C,
+
     /** Bootloader handleMMIO started */
     BTLDR_TRC_HANDLEMMIO_START               = 0x20,
 
diff --git a/src/include/bootloader/hbblreasoncodes.H b/src/include/bootloader/hbblreasoncodes.H
index 0eb47fcac..7ea0f189f 100644
--- a/src/include/bootloader/hbblreasoncodes.H
+++ b/src/include/bootloader/hbblreasoncodes.H
@@ -74,6 +74,7 @@ namespace Bootloader
         RC_NO_HBB_IN_TOC           = HBBL_COMP_ID | 0x0C, /**< No HBB Sect in TOC */
         RC_PNOR_SECID_OUT_OF_RANGE = HBBL_COMP_ID | 0x0D, /**< Requested PNOR SecId DNE in string array */
         RC_PNOR_NULLPTR            = HBBL_COMP_ID | 0x0E, /**< Requested address to compare is a nullptr */
+        RC_BAD_WORK_LEN            = HBBL_COMP_ID | 0x0F, /**< Working length too large */
     };
 
 };  // end Bootloader