diff --git a/frameworks/cert_manager_standard/main/common/src/cm_x509.c b/frameworks/cert_manager_standard/main/common/src/cm_x509.c
index 87eec7105cf04f184e4c44ccfdb3e3eac8cd3734..ef40a1a854661f1a1216068fc0800a9fe5f91375 100644
--- a/frameworks/cert_manager_standard/main/common/src/cm_x509.c
+++ b/frameworks/cert_manager_standard/main/common/src/cm_x509.c
@@ -36,7 +36,7 @@ typedef ASN1_TIME *(TIME_FUNC)(const X509 *);
 X509 *InitCertContext(const uint8_t *certBuf, uint32_t size)
 {
     X509 *x509 = NULL;
-    if (certBuf == NULL || size > MAX_LEN_CERTIFICATE) {
+    if (certBuf == NULL || size > MAX_LEN_CERTIFICATE || size == 0) {
         return NULL;
     }
     BIO *bio = BIO_new_mem_buf(certBuf, (int)size);
diff --git a/frameworks/cert_manager_standard/main/os_dependency/log/cm_log.c b/frameworks/cert_manager_standard/main/os_dependency/log/cm_log.c
index 51356f91e66c5d2b6ac168f68838b41eb592f3de..94e2e5ca9667944f861bd8fc1fcd31ced810ce01 100644
--- a/frameworks/cert_manager_standard/main/os_dependency/log/cm_log.c
+++ b/frameworks/cert_manager_standard/main/os_dependency/log/cm_log.c
@@ -24,12 +24,7 @@
 
 void CmLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char *format, ...)
 {
-    char *buf = (char *)CmMalloc(MAX_LOG_BUFF_LEN);
-    if (buf == NULL) {
-        HILOG_ERROR(LOG_CORE, "certificate manager log malloc fail");
-        return;
-    }
-    (void)memset_s(buf, MAX_LOG_BUFF_LEN, 0, MAX_LOG_BUFF_LEN);
+    char buf[MAX_LOG_BUFF_LEN] = {0};
 
     va_list ap;
     va_start(ap, format);
@@ -37,7 +32,6 @@ void CmLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char
     va_end(ap);
     if (ret < 0) {
         HILOG_ERROR(LOG_CORE, "certificate manager log concatenate error.");
-        CM_FREE_PTR(buf);
         return;
     }
 
@@ -55,9 +49,6 @@ void CmLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char
             HILOG_DEBUG(LOG_CORE, "%{public}s[%{public}u]: %{private}s\n", funcName, lineNo, buf);
             break;
         default:
-            CM_FREE_PTR(buf);
             return;
     }
-
-    CM_FREE_PTR(buf);
 }
diff --git a/interfaces/kits/napi/src/cm_napi_grant.cpp b/interfaces/kits/napi/src/cm_napi_grant.cpp
index f1923c5b25a0562bd50ce9ea91506b796229e4af..a1552602fcf670e485910119096ced59f6ab02dc 100644
--- a/interfaces/kits/napi/src/cm_napi_grant.cpp
+++ b/interfaces/kits/napi/src/cm_napi_grant.cpp
@@ -28,6 +28,7 @@ namespace {
 constexpr int CM_NAPI_GRANT_ARGS_CNT = 3;
 constexpr int CM_NAPI_IS_AUTHED_ARGS_CNT = 2;
 constexpr int CM_NAPI_CALLBACK_ARG_CNT = 1;
+constexpr int CARRY = 10;
 
 constexpr uint32_t OUT_AUTH_URI_SIZE = 1000;
 constexpr uint32_t OUT_AUTH_LIST_SIZE = 512;
@@ -72,12 +73,22 @@ static void FreeGrantAsyncContext(napi_env env, GrantAsyncContext &context)
     CM_FREE_PTR(context);
 }
 
+static bool IsNumeric(const char *str)
+{
+    if (str == nullptr || strcmp("", str) == 0) {
+        return false;
+    }
+    char *end = nullptr;
+    (void)strtol(str, &end, CARRY);
+    return !(*end);
+}
+
 static napi_value ParseString2Uint32(napi_env env, napi_value object, uint32_t &value)
 {
     struct CmBlob *blob = nullptr;
     napi_value result = ParseString(env, object, blob);
-    if (result == nullptr) {
-        CM_LOG_E("parse string to blob failed");
+    if (result == nullptr || !IsNumeric(reinterpret_cast<char *>(blob->data))) {
+        CM_LOG_E("parse string to uint32 failed");
         if (blob != nullptr) {
             CM_FREE_PTR(blob->data);
             CmFree(blob);
diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c
index 45d7a54bd7c461e49ebfb3a91795440a6cadc24b..cee0f4df05b9928dec0d886d36aa343b6fd58420 100644
--- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c
+++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c
@@ -32,7 +32,6 @@
 #include "cert_manager_mem.h"
 #include "cert_manager_storage.h"
 #include "cert_manager_crypto_operation.h"
-#include "cert_manager.h"
 #include "cert_manager_service.h"
 #include "cert_manager_uri.h"
 #include "cm_log.h"
diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c
index 491b306c27feac11f1c2312f87c28ff6d1164425..897978b0c7d129ec383ace05c8c26c90749b5108 100644
--- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c
+++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c
@@ -152,7 +152,7 @@ int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
 int32_t CmServiceGrantAppCertificate(const struct CmContext *context, const struct CmBlob *keyUri,
     uint32_t appUid, struct CmBlob *authUri)
 {
-    if (CheckUri(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS) {
+    if (CheckUri(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS || context == NULL) {
         CM_LOG_E("invalid input arguments");
         return CMR_ERROR_INVALID_ARGUMENT;
     }