diff --git a/base/src/parcel.cpp b/base/src/parcel.cpp
index ef607c541b8232449fcd87928b33d3939b9d808a..6d7b41a2d7b298bdf60daa6117d7d01a15741783 100644
--- a/base/src/parcel.cpp
+++ b/base/src/parcel.cpp
@@ -636,11 +636,20 @@ bool Parcel::EnsureObjectsCapacity()
     size_t newCapacity = ((objectsCapacity_ + NEW_CAPACITY_ADD) * NEW_CAPACITY_MULTI) / NEW_CAPACITY_DIV;
     size_t newBytes = newCapacity * sizeof(binder_size_t);
 
-    void *newOffsets = realloc(objectOffsets_, newBytes);
+    void *newOffsets = malloc(newBytes);
     if (newOffsets == nullptr) {
         return false;
     }
 
+    if (objectOffsets_ != nullptr) {
+        if (memcpy_s(newOffsets, newBytes, objectOffsets_, objectCursor_ * sizeof(binder_size_t)) != EOK) {
+            free(newOffsets);
+            newOffsets = nullptr;
+            return false;
+        }
+        free(objectOffsets_);
+    }
+
     objectOffsets_ = reinterpret_cast<binder_size_t *>(newOffsets);
     objectsCapacity_ = newCapacity;
     return true;
@@ -876,10 +885,18 @@ bool Parcel::RewindWrite(size_t newPosition)
             return true;
         }
         size_t newBytes = objectSize * sizeof(binder_size_t);
-        void *newOffsets = realloc(objectOffsets_, newBytes);
+        void *newOffsets = malloc(newBytes);
         if (newOffsets == nullptr) {
             return false;
         }
+        if (objectOffsets_ != nullptr) {
+            if (memcpy_s(newOffsets, newBytes, objectOffsets_, newBytes) != EOK) {
+                free(newOffsets);
+                newOffsets = nullptr;
+                return false;
+            }
+            free(objectOffsets_);
+        }
         objectOffsets_ = reinterpret_cast<binder_size_t *>(newOffsets);
         objectCursor_ = objectSize;
         objectsCapacity_ = objectCursor_;