diff --git a/adapter/uhdf2/manager/src/devmgr_dump.c b/adapter/uhdf2/manager/src/devmgr_dump.c
index 378d8a14683b2e7cc548c71475df16872ab39fdd..2307179e4b081a83e0c99771b0475475590d87b7 100644
--- a/adapter/uhdf2/manager/src/devmgr_dump.c
+++ b/adapter/uhdf2/manager/src/devmgr_dump.c
@@ -14,7 +14,7 @@
 */
 #include "securec.h"
-
+#include
 #include "devmgr_service.h"
 #include "devhost_service_clnt.h"
 #include "devhost_service_proxy.h"
@@ -30,6 +30,10 @@
 #define HDF_LOG_TAG devmgr_dump
+#ifndef DEVCNT_MAX
+#define DEVCNT_MAX (200000)
+#endif
+
 static const char *HELP_COMMENT =
 " usage:\n"
 " -help :display help information\n"
@@ -358,8 +362,8 @@ static void DevMgrFillDeviceInfo(struct HdfSBuf *data, struct HdfSBuf *reply, ui
 const uint32_t devNameAlign = 8;
 const uint32_t devIdAlign = 40;
 const uint32_t servNameAlign = 56;
- uint32_t devCnt;
- uint32_t devId;
+ uint32_t devCnt = 0;
+ uint32_t devId = 0;
 const uint32_t strEndLen = 2;
 while (true) {
@@ -369,7 +373,10 @@ static void DevMgrFillDeviceInfo(struct HdfSBuf *data, struct HdfSBuf *reply, ui
 (void)HdfSbufReadUint32(data, &devCnt);
 (*hostCnt)++;
-
+ if (devCnt <= 0 || devCnt > DEVCNT_MAX) {
+ HDF_LOGE("devCnt is over");
+ return;
+ }
 for (uint32_t i = 0; i < devCnt; i++) {
 // The line is a combination of multiple fields, and the fields are filled with blank characters
 (void)memset_s(line, sizeof(line), ' ', sizeof(line));
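Review bot: `DEVCNT_MAX` is introduced in the `@@ -30,6 +30,10 @@` hunk with no comment saying what it bounds or why 200000 is the limit, and the `#ifndef` guard lets a build definition replace it without any trace in this file. I would put a comment above the `#ifndef`, for example `/* Upper bound on the per-host device count read from the dump buffer; counts above it are rejected before the fill loop. */`. If the value was picked as a sanity limit and does not reflect a real capacity, saying so in the same comment would keep a later change from raising it without review.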
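Review bot: The new range check in the `while (true)` body validates `devCnt` without knowing the read succeeded, because `(void)HdfSbufReadUint32(data, &devCnt);` just above it still discards the result. The zero initialisation from the declaration hunk only covers the first pass: `devCnt` is declared outside the loop, so on a later pass a failed read would presumably leave the previous host's count in place and the check would accept it, unless lines between the hunks reset it. Testing the call itself, `if (!HdfSbufReadUint32(data, &devCnt)) { HDF_LOGE("read devCnt failed"); return; }`, closes that gap and gives the truncated-buffer case its own log line. Separately, `devCnt <= 0` on a `uint32_t` is just `devCnt == 0`, and returning there (after `(*hostCnt)++` has already counted the host) ends the dump for all remaining hosts if a host with no devices is a valid state, which these lines do not show. The loop body and the function continue outside the hunk.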