diff --git a/frameworks/js/napi/crypto/src/napi_utils.cpp b/frameworks/js/napi/crypto/src/napi_utils.cpp
index 7b431ac9ce8679c7cbcd51ffd36eac640ada8d8f..88c26b19ba7f8bd7087640a08448b5d3bc9b5294 100644
--- a/frameworks/js/napi/crypto/src/napi_utils.cpp
+++ b/frameworks/js/napi/crypto/src/napi_utils.cpp
@@ -728,6 +728,8 @@ bool GetDecodingParamsSpec(napi_env env, napi_value arg, HcfParamsSpec **returnS
     if (tmpPw->len > PASSWORD_MAX_LENGTH) {
         LOGE("Password length exceeds max length limit of 4096 bytes!");
         HcfBlobDataClearAndFree(tmpPw);
+        HcfFree(tmpPw);
+        tmpPw = nullptr;
         HcfFree(decodingParamsSpec);
         decodingParamsSpec = nullptr;
         return false;