diff --git a/interfaces/inner_api/common/nfc_sdk_common.cpp b/interfaces/inner_api/common/nfc_sdk_common.cpp
index 04b414178d2c68680e49988aa5d4d3400c15e3cc..ab11981bc3ab4292b4c7e288344f9d40f9a61aa1 100644
--- a/interfaces/inner_api/common/nfc_sdk_common.cpp
+++ b/interfaces/inner_api/common/nfc_sdk_common.cpp
@@ -247,6 +247,19 @@ std::string NfcSdkCommon::CodeMiddlePart(const std::string &src)
     }
     return res;
 }
+
+bool NfcSdkCommon::SecureStringToInt(const std::string &str, int32_t &value, int base)
+{
+    errno = 0;
+    char *endptr = nullptr;
+    const char *ptr = str.c_str();
+    value = std::strtol(str.c_str(), &endptr, base);
+    if (errno == ERANGE || endptr == ptr || *endptr != '\0') { // ERANGE: integer overflow
+        ErrorLog("SecureStringToInt errno == ERANGE");
+        return false;
+    }
+    return true;
+}
 }  // namespace KITS
 }  // namespace NFC
 }  // namespace OHOS
diff --git a/interfaces/inner_api/common/nfc_sdk_common.h b/interfaces/inner_api/common/nfc_sdk_common.h
index 0cb4ed731a8d6ea7f5c60328463a55f1f34450a4..4e52c04667a7f91b3ad1b28e5547f609a68479b1 100644
--- a/interfaces/inner_api/common/nfc_sdk_common.h
+++ b/interfaces/inner_api/common/nfc_sdk_common.h
@@ -23,6 +23,8 @@ namespace KITS {
 const static uint32_t HEX_BYTE_LEN = 2;
 const static uint32_t HEX_VALUE = 16;
 const static uint32_t HALF_BYTE_BITS = 4;
+const static int DECIMAL_NOTATION = 10;
+const static int HEX_DECIMAL = 16;
 static const uint32_t NFC_MANAGER_SYS_ABILITY_ID = 1140;
 static const std::string NFC_MANAGER_SYS_ABILITY_NAME = "nfc_service";
 
@@ -191,6 +193,7 @@ public:
     static uint64_t GetCurrentTime();
     static uint64_t GetRelativeTime();
     static std::string CodeMiddlePart(const std::string &src);
+    static bool SecureStringToInt(const std::string &str, int32_t &value, int base);
 };
 }  // namespace KITS
 }  // namespace NFC
diff --git a/services/src/external_deps/nfc_param_util.cpp b/services/src/external_deps/nfc_param_util.cpp
index a86bd2dd015bf9f362ee1569090db11432665d4a..73520a0fd438dc0f44afbce786ab05d6749a099c 100644
--- a/services/src/external_deps/nfc_param_util.cpp
+++ b/services/src/external_deps/nfc_param_util.cpp
@@ -42,11 +42,9 @@ int NfcParamUtil::GetNfcStateFromParam()
         return 0; // return invalid nfc state
     }
     InfoLog("GetNfcStateFromParam, nfc state[%{public}s]", nfcState);
-    errno = 0;
-    char *endptr = nullptr;
-    long int num = std::strtol(nfcState, &endptr, DECIMAL_NOTATION);
-    if (errno == ERANGE) {
-        ErrorLog("strtol errno = ERANGE");
+    int32_t num = 0;
+    if (!KITS::NfcSdkCommon::SecureStringToInt(nfcState, num, KITS::DECIMAL_NOTATION)) {
+        ErrorLog("SecureStringToInt error");
         return 0; // return invalid nfc state
     }
     return static_cast<int>(num);
diff --git a/services/src/external_deps/nfc_param_util.h b/services/src/external_deps/nfc_param_util.h
index 81f431da72cce7ef9258031fb75d931f87b83ce5..d8fd5a804967428a5bf77631f381c98409df130f 100644
--- a/services/src/external_deps/nfc_param_util.h
+++ b/services/src/external_deps/nfc_param_util.h
@@ -20,7 +20,6 @@
 constexpr const char* NFC_SWITCH_STATE_PARAM_NAME = "persist.nfc.switch.state";
 const int PROPERTY_VALUE_MAX = 16;
 const int NFC_SWITCH_PARAM_LEN = 1;
-const uint32_t DECIMAL_NOTATION = 10;
 
 namespace OHOS {
 namespace NFC {
diff --git a/services/src/tag/ndef_har_data_parser.cpp b/services/src/tag/ndef_har_data_parser.cpp
index 86e8624bbb5b8ec5a5fb48b1d00b47d262f37c51..dba640bbe146f6c912471070f56ef50755525b2c 100644
--- a/services/src/tag/ndef_har_data_parser.cpp
+++ b/services/src/tag/ndef_har_data_parser.cpp
@@ -325,11 +325,16 @@ std::string NdefHarDataParser::GetUriPayload(std::shared_ptr<NdefRecord> record,
                 if (uri.size() <= 2) {  // 2 is uri identifier length
                     return NfcSdkCommon::HexStringToAsciiString(uri);
                 }
-                if (std::stoi(uri.substr(0, 2)) < 0 ||  // 2 is uri identifier length
-                    std::stoi(uri.substr(0, 2)) >= static_cast<int>(g_uriPrefix.size())) {
+                int32_t num = 0;
+                if (!KITS::NfcSdkCommon::SecureStringToInt(uri.substr(0, 2), num, KITS::DECIMAL_NOTATION)) {
+                    ErrorLog("SecureStringToInt error");
+                    return 0; // return invalid nfc state
+                }
+                if (num < 0 ||  // 2 is uri identifier length
+                    num >= static_cast<int>(g_uriPrefix.size())) {
                     return "";
                 }
-                std::string uriPrefix = g_uriPrefix[std::stoi(uri.substr(0, 2))];   // 2 is uri identifier length
+                std::string uriPrefix = g_uriPrefix[num];   // 2 is uri identifier length
                 InfoLog("NdefHarDataParser::GetUriPayload uriPrefix = %{public}s", uriPrefix.c_str());
                 return uriPrefix + NfcSdkCommon::HexStringToAsciiString(uri.substr(2));  // 2 is uri identifier length
             }