diff --git a/framework/tools/hc-gen/src/ast.h b/framework/tools/hc-gen/src/ast.h
index 17a4b14118e22c34991377a71d2a6079854e20b2..af5be3e62097fa1c86de36060f1e3e693a43732c 100644
--- a/framework/tools/hc-gen/src/ast.h
+++ b/framework/tools/hc-gen/src/ast.h
@@ -383,7 +383,7 @@ public:
                     return false;
                 }
             } else {
-                uint32_t ret = forwardCallback(roundWalkObj, walkDepth);
+                auto ret = forwardCallback(roundWalkObj, walkDepth);
                 /* when callback return EASTWALKBREAK, not walk current's child */
                 if (ret && ret != EASTWALKBREAK) {
                     return false;
diff --git a/framework/tools/hc-gen/src/bytecode_gen.cpp b/framework/tools/hc-gen/src/bytecode_gen.cpp
index 99ca76b8fd97a54cb15c5de0889f283b7b1f9a0a..c07386e282029bc298f6d7261184eb9b924ff3b7 100644
--- a/framework/tools/hc-gen/src/bytecode_gen.cpp
+++ b/framework/tools/hc-gen/src/bytecode_gen.cpp
@@ -267,6 +267,18 @@ bool ByteCodeGen::HexdumpInitialize(FILE *&in, FILE *&out)
         return false;
     }
 
+    char path[PATH_MAX] = {0};
+    char *checkPath = realpath(hexdumpOutName.data(), path);
+    if (checkPath == nullptr) {
+        Logger().Error() << "realpath failed, file path: " << hexdumpOutName;
+        return false;
+    }
+
+    if (!IsValidPath(checkPath)) {
+        Logger().Error() << "Invalid path, file path: " << hexdumpOutName;
+        return false;
+    }
+
     out = fopen(hexdumpOutName.data(), "wb");
     if (out == nullptr) {
         fclose(in);
diff --git a/framework/tools/hc-gen/src/file.h b/framework/tools/hc-gen/src/file.h
index d74ec2d901aea259e8e9ddf341791fdfff3a939f..eb3ed3ef4db76cc40155b7e951c91f4478eed4ab 100644
--- a/framework/tools/hc-gen/src/file.h
+++ b/framework/tools/hc-gen/src/file.h
@@ -9,6 +9,8 @@
 #ifndef HC_GEN_FILE_H
 #define HC_GEN_FILE_H
 
+#include <cstring>
+#include <climits>
 #include <string>
 
 namespace OHOS {
@@ -22,6 +24,14 @@ public:
     static std::string FileNameBase(const std::string &path);
 };
 } // namespace Util
+
+
+#define MAX_PATH_LENGTH PATH_MAX
+inline bool IsValidPath(const char *realPath)
+{
+    return !(realPath == nullptr || realPath[0] != '/' || strlen(realPath) > MAX_PATH_LENGTH);
+}
+
 } // namespace Hardware
 } // namespace OHOS
 #endif // HC_GEN_FILE_H
diff --git a/framework/tools/hc-gen/src/lexer.cpp b/framework/tools/hc-gen/src/lexer.cpp
index e9e10566017b8899192bc1cc0d8faf9af688c234..d16fdc0ac075c59e03f802ea188755161be02059 100644
--- a/framework/tools/hc-gen/src/lexer.cpp
+++ b/framework/tools/hc-gen/src/lexer.cpp
@@ -10,7 +10,7 @@
 
 #include <sstream>
 #include <string>
-
+#include "file.h"
 #include "logger.h"
 
 using namespace OHOS::Hardware;
@@ -40,6 +40,24 @@ bool Lexer::Initialize(const std::string &sourceName)
     bufferEnd_ = nullptr;
     lineno_ = 1;
     lineLoc_ = 1;
+
+    if (!srcName_) {
+        Logger().Error() << "srcName_ nullptr";
+        return false;
+    }
+
+    char path[PATH_MAX] = {0};
+    char *checkPath = realpath(srcName_->c_str(), path);
+    if (checkPath == nullptr) {
+        Logger().Error() << "realpath failed, file path: " << *srcName_;
+        return false;
+    }
+
+    if (!IsValidPath(checkPath)) {
+        Logger().Error() << "Invalid path, file path: " << *srcName_;
+        return false;
+    }
+
     src_.open(srcName_->c_str(), std::ifstream::binary);
     if (!src_.is_open()) {
         Logger().Error() << "Failed to open source file: " << srcName_->data();
diff --git a/framework/tools/hc-gen/src/macro_gen.cpp b/framework/tools/hc-gen/src/macro_gen.cpp
index 4ce4eeb4e94fa90c84f54be4da09d8d0ff5dabf0..295fa5c0cc05b61ea460d50d90117ce80bfc2521 100644
--- a/framework/tools/hc-gen/src/macro_gen.cpp
+++ b/framework/tools/hc-gen/src/macro_gen.cpp
@@ -83,6 +83,18 @@ bool MacroGen::Initialize()
         outFileName.append(".h");
     }
 
+    char path[PATH_MAX] = {0};
+    char *checkPath = realpath(outFileName.data(), path);
+    if (checkPath == nullptr) {
+        Logger().Error() << "realpath failed, file path: " << outFileName;
+        return false;
+    }
+
+    if (!IsValidPath(checkPath)) {
+        Logger().Error() << "Invalid path, file path: " << outFileName;
+        return false;
+    }
+
     ofs_.open(outFileName, std::ofstream::out | std::ofstream::binary);
     if (!ofs_.is_open()) {
         Logger().Error() << "failed to open output file: " << outFileName;
@@ -284,4 +296,4 @@ void MacroGen::SetTypeDataUinit64(
     } else {
         ofs_ << " " << current->IntegerValue() << std::endl;
     }
-}
\ No newline at end of file
+}
diff --git a/framework/tools/hc-gen/src/option.cpp b/framework/tools/hc-gen/src/option.cpp
index c661d330176bb4fcf5d0d6754ba6010040bbc7c8..f6176249d398e35938e52a3b62c27dcc58649441 100644
--- a/framework/tools/hc-gen/src/option.cpp
+++ b/framework/tools/hc-gen/src/option.cpp
@@ -42,7 +42,7 @@ Option &Option::Parse(int argc, char **argv)
             break;
         }
 
-        if (optind >= argc) {
+        if (optind >= argc || optind < 0) {
             Logger().Error() << "Miss input file name";
             SetOptionError();
             break;
diff --git a/framework/tools/hc-gen/src/startup_cfg_gen.cpp b/framework/tools/hc-gen/src/startup_cfg_gen.cpp
index ec219cb9f1f0d754822cd7612c20545369bb15a7..422d413d5a8b94e827f037b6f7c65494cac1772f 100644
--- a/framework/tools/hc-gen/src/startup_cfg_gen.cpp
+++ b/framework/tools/hc-gen/src/startup_cfg_gen.cpp
@@ -87,6 +87,18 @@ bool StartupCfgGen::Initialize()
     outFileName = Util::File::StripSuffix(outFileName).append(".cfg");
     outFileName_ = Util::File::FileNameBase(outFileName);
 
+    char path[PATH_MAX] = {0};
+    char *checkPath = realpath(outFileName.data(), path);
+    if (checkPath == nullptr) {
+        Logger().Error() << "realpath failed, outFileName: " << outFileName;
+        return false;
+    }
+
+    if (!IsValidPath(checkPath)) {
+        Logger().Error() << "Invalid path, outFileName: " << outFileName;
+        return false;
+    }
+
     ofs_.open(outFileName, std::ofstream::out | std::ofstream::binary);
     if (!ofs_.is_open()) {
         Logger().Error() << "failed to open output file: " << outFileName;
@@ -186,8 +198,8 @@ void StartupCfgGen::HostInfoOutput(const std::string &name, bool end)
 
     if (!hostInfoMap_[name].initConfig.empty()) {
         for (auto &info : hostInfoMap_[name].initConfig) {
-            int firstQuotePos = info.find("\"");
-            int secondQuotePos = info.find("\"", firstQuotePos + 1);
+            size_t firstQuotePos = info.find("\"");
+            size_t secondQuotePos = info.find("\"", firstQuotePos + 1);
             configedKeywords.insert(info.substr(firstQuotePos + 1, secondQuotePos - (firstQuotePos + 1)));
         }
     }
@@ -360,7 +372,7 @@ void StartupCfgGen::GetMallocOpt(const std::shared_ptr<AstObject> &hostInfo,
     std::vector<std::string> mallocOptions = {};
     GetConfigVector(term, mallocOptions);
     for (auto mallocOption : mallocOptions) {
-        int separatorPos = mallocOption.find(MALLOPT_SEPARATOR);
+        size_t separatorPos = mallocOption.find(MALLOPT_SEPARATOR);
         std::string malloptKey = mallocOption.substr(0, separatorPos);
         std::string malloptValue = mallocOption.substr(separatorPos + 1,
             mallocOption.length() - (separatorPos + 1));
diff --git a/framework/tools/hc-gen/src/text_gen.cpp b/framework/tools/hc-gen/src/text_gen.cpp
index 6ac78346ab59110f6afbb3c60a91894c175178b2..d8387a5ba8079e4ff118c7bde43d66422d61ab7d 100644
--- a/framework/tools/hc-gen/src/text_gen.cpp
+++ b/framework/tools/hc-gen/src/text_gen.cpp
@@ -372,7 +372,7 @@ uint32_t TextGen::ImplementCloseBraceGen(const std::shared_ptr<AstObject> &objec
     if (object == ast_->GetAstRoot()) {
         ofs_ << "};\n";
     } else {
-        ofs_ << Indent(depth) << "},\n";
+        ofs_ << Indent(static_cast<uint32_t>(depth)) << "},\n";
     }
     return ofs_.good() ? NOERR : EOUTPUT;
 }