diff --git a/ipc/native/src/core/invoker/source/binder_invoker.cpp b/ipc/native/src/core/invoker/source/binder_invoker.cpp
index d0fded34917be62c17c0b10ad9e418eb771f3906..b2dbc1d18e0db3962f39084531e9d13ddd5f11a5 100644
--- a/ipc/native/src/core/invoker/source/binder_invoker.cpp
+++ b/ipc/native/src/core/invoker/source/binder_invoker.cpp
@@ -442,6 +442,11 @@ bool BinderInvoker::UnFlattenDBinderObject(Parcel &parcel, dbinder_negotiation_d
         parcel.RewindRead(offset);
         return false;
     }
+    if (obj->buffer == 0) {
+        ZLOGE(LABEL, "null dbinder buffer");
+        parcel.RewindRead(offset);
+        return false;
+    }
     dbinderData = *reinterpret_cast<dbinder_negotiation_data *>(obj->buffer);
     return true;
 }
diff --git a/test/fuzztest/ipc/native/src/core/binderinvokernew/binderinvokernew007_fuzzer/binderinvokernew007_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/binderinvokernew/binderinvokernew007_fuzzer/binderinvokernew007_fuzzer.cpp
index b34ce513fa59a247f481b6647ff9c6bf97b194c1..42e15bb7640e24a83905716b299c9ef472ccb298 100644
--- a/test/fuzztest/ipc/native/src/core/binderinvokernew/binderinvokernew007_fuzzer/binderinvokernew007_fuzzer.cpp
+++ b/test/fuzztest/ipc/native/src/core/binderinvokernew/binderinvokernew007_fuzzer/binderinvokernew007_fuzzer.cpp
@@ -49,6 +49,7 @@ void UnFlattenDBinderObjectFuzzTest001(FuzzedDataProvider &provider)
     obj.flags = provider.ConsumeIntegral<uint32_t>();
     obj.length = provider.ConsumeIntegral<binder_size_t>();
     obj.parent = provider.ConsumeIntegral<binder_size_t>();
+    obj.buffer = 0;
     obj.parent_offset = provider.ConsumeIntegral<binder_size_t>();
     dataParcel.WriteBuffer(&obj, sizeof(binder_buffer_object));
     dbinder_negotiation_data dbinderData;