diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn
index e45692520b606c5b29bfc9337a3ccc5fa48c0545..c3ae8190d2db38a2d38948a36f78ecfd9aa791a9 100644
--- a/services/engine/BUILD.gn
+++ b/services/engine/BUILD.gn
@@ -35,6 +35,10 @@ ohos_prebuilt_etc("updater_sa.cfg") {
 ohos_shared_library("$updateengine_library_name") {
   sanitize = {
     boundary_sanitize = true
+    cfi = true
+    cfi_cross_dso = true
+    debug = false
+    blocklist = "./cfi_blocklist.txt"
   }
   shlib_type = "sa"
   include_dirs = sa_include_dirs
diff --git a/services/engine/cfi_blocklist.txt b/services/engine/cfi_blocklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..a4a141cc839f255448bd0300dc2be4a68dcf3953
--- /dev/null
+++ b/services/engine/cfi_blocklist.txt
@@ -0,0 +1,15 @@
+# Copyright (C) 2022-2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[cfi]
+src:*/commonlibrary/c_utils/base/include/refbase.h
diff --git a/services/firmware/check/include/firmware_icheck.h b/services/firmware/check/include/firmware_icheck.h
index 98b547b131f16fba9e7629dbd00f9ce4459a2c5f..706521fccad627f3c3fdce421dfba060d987611b 100644
--- a/services/firmware/check/include/firmware_icheck.h
+++ b/services/firmware/check/include/firmware_icheck.h
@@ -122,15 +122,22 @@ private:
     {
         response.content.assign(buffer.begin(), buffer.end());
         response.status = static_cast<int64_t>(HttpConstant::SUCCESS);
-        cJSONPtr root(cJSON_Parse(buffer.data()), cJSON_Delete);
-        ENGINE_CHECK(root != nullptr, return -1, "Error get root");
-        cJSON *item = cJSON_GetObjectItem(root.get(), "searchStatus");
-        ENGINE_CHECK(item != nullptr, return -1, "Error get searchStatus");
+        cJSON *root = cJSON_Parse(buffer.data());
+        ENGINE_CHECK(root != nullptr,
+            cJSON_Delete(root);
+            return -1, "Error get root");
+        cJSON *item = cJSON_GetObjectItem(root, "searchStatus");
+        ENGINE_CHECK(item != nullptr,
+            cJSON_Delete(root);
+            return -1, "Error get searchStatus");
         if (!cJSON_IsNumber(item)) {
             FIRMWARE_LOGE("Error json parse");
+            cJSON_Delete(root);
             return -1;
         }
-        return CAST_INT(static_cast<SearchStatus>(item->valueint));
+        int32_t ret = item->valueint;
+        cJSON_Delete(root);
+        return ret;
     }
 
     int32_t ReadDataFromSSL(int32_t engineSocket, NetworkResponse &response)