diff --git a/frameworks/huks_standard/main/os_dependency/BUILD.gn b/frameworks/huks_standard/main/os_dependency/BUILD.gn
index fa5d8be67c35b9dea10cbc58064d549f43b2ee59..ff3d0260fdb3cec1a3bf9d05b2e0b2cd019d1743 100644
--- a/frameworks/huks_standard/main/os_dependency/BUILD.gn
+++ b/frameworks/huks_standard/main/os_dependency/BUILD.gn
@@ -30,7 +30,10 @@ ohos_static_library("libhuks_os_dependency_standard_static") {
   part_name = "huks"
   public_configs = [ ":huks_config" ]
   configs = [ "//base/security/huks/frameworks/config/build:coverage_flag" ]
-  include_dirs = [ "log" ]
+  include_dirs = [
+    "log",
+    "//third_party/bounds_checking_function/include",
+  ]
   defines = [
     "L2_STANDARD",
     "_HARDWARE_ROOT_KEY_",
diff --git a/frameworks/huks_standard/main/os_dependency/posix/hks_mem.c b/frameworks/huks_standard/main/os_dependency/posix/hks_mem.c
index a70488c46803b07e53f0738a504fca3c5e92e71b..586132aa061fd00e0eba1a85a73affdddf03b183 100644
--- a/frameworks/huks_standard/main/os_dependency/posix/hks_mem.c
+++ b/frameworks/huks_standard/main/os_dependency/posix/hks_mem.c
@@ -18,10 +18,16 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include "securec.h"
 
 void *HksMalloc(size_t size)
 {
-    return malloc(size);
+    void *ret = NULL;
+    ret = malloc(size);
+    if (ret != NULL) {
+        (void)memset_s(ret, size, 0, size);
+    }
+    return ret;
 }
 
 int32_t HksMemCmp(const void *ptr1, const void *ptr2, uint32_t size)
diff --git a/utils/file_operator/hks_file_operator.c b/utils/file_operator/hks_file_operator.c
index ccb8e676271ddfe3fa948a2a5b7d0143fe5ee19d..9cd83977c7e75b3ecb875d75ae7b8e2fd9a0e7c7 100644
--- a/utils/file_operator/hks_file_operator.c
+++ b/utils/file_operator/hks_file_operator.c
@@ -89,10 +89,14 @@ static uint32_t FileRead(const char *fileName, uint32_t offset, uint8_t *buf, ui
     (void)offset;
     HKS_IF_NOT_SUCC_RETURN(IsFileExist(fileName), 0)
 
+    if (strstr(fileName, "../") != NULL) {
+        HKS_LOG_E("invalid filePath, path %" LOG_PUBLIC "s", fileName);
+        return 0;
+    }
+
     char filePath[PATH_MAX + 1] = {0};
-    (void)realpath(fileName, filePath);
-    if (strstr(filePath, "../") != NULL) {
-        HKS_LOG_E("invalid filePath, path %" LOG_PUBLIC "s", filePath);
+    if (realpath(fileName, filePath) == NULL) {
+        HKS_LOG_E("invalid filePath, path %" LOG_PUBLIC "s", fileName);
         return 0;
     }
 
@@ -129,11 +133,12 @@ static int32_t FileWrite(const char *fileName, uint32_t offset, const uint8_t *b
     if (memcpy_s(filePath, sizeof(filePath) - 1, fileName, strlen(fileName)) != EOK) {
         return HKS_ERROR_INSUFFICIENT_MEMORY;
     }
-    (void)realpath(fileName, filePath);
+
     if (strstr(filePath, "../") != NULL) {
         HKS_LOG_E("invalid filePath!");
         return HKS_ERROR_INVALID_KEY_FILE;
     }
+    (void)realpath(fileName, filePath);
 
     /* caller function ensures that the folder exists */
     FILE *fp = fopen(filePath, "wb+");