diff --git a/src/sql/engine/expr/ob_expr_priv_st_asewkb.cpp b/src/sql/engine/expr/ob_expr_priv_st_asewkb.cpp
index 85c74ab2f..4d33f75b2 100644
--- a/src/sql/engine/expr/ob_expr_priv_st_asewkb.cpp
+++ b/src/sql/engine/expr/ob_expr_priv_st_asewkb.cpp
@@ -103,6 +103,7 @@ int ObExprStPrivAsEwkb::eval_priv_st_as_ewkb(const ObExpr &expr,
 
   if (OB_SUCC(ret)) {
     ObString res_wkb;
+    const int64_t data_offset = WKB_OFFSET + WKB_GEO_BO_SIZE + WKB_GEO_TYPE_SIZE;
     if (is_null_result) {
       res.set_null();
     } else if (OB_FAIL(ObGeoExprUtils::geo_to_wkb(*geo, expr, ctx, srs, res_wkb))) {
@@ -114,6 +115,9 @@ int ObExprStPrivAsEwkb::eval_priv_st_as_ewkb(const ObExpr &expr,
         LOG_WARN("fail to check coordinate range", K(ret));
       } else if (OB_FAIL(lob.get_inrow_data(res_wkb))) {
         LOG_WARN("fail to get inrow data", K(ret), K(lob));
+      } else if (res_wkb.length() < data_offset) {
+        ret = OB_ERR_UNEXPECTED;
+        LOG_WARN("unexpected wkb length", K(ret), K(res_wkb.length()));
       } else if (OB_FAIL(ObGeoTypeUtil::get_header_info_from_wkb(res_wkb, header))) {
         LOG_WARN("fail to get wkb header info", K(ret), K(res_wkb));
       } else {
@@ -121,7 +125,6 @@ int ObExprStPrivAsEwkb::eval_priv_st_as_ewkb(const ObExpr &expr,
         // swkb:[srid][version][bo][type][data]
         *(reinterpret_cast<uint8_t *>(res_wkb.ptr())) = static_cast<uint8_t>(header.bo_); // 1. write [bo]
         int64_t pos = WKB_GEO_BO_SIZE + WKB_GEO_TYPE_SIZE;
-        int64_t data_offset = WKB_OFFSET + WKB_GEO_BO_SIZE + WKB_GEO_TYPE_SIZE;
         int64_t remove_len = WKB_VERSION_SIZE;
         uint32_t geo_type = static_cast<uint32_t>(header.type_);
         bool is_3d_geo = ObGeoTypeUtil::is_3d_geo_type(geo->type());
diff --git a/src/sql/engine/expr/ob_geo_expr_utils.cpp b/src/sql/engine/expr/ob_geo_expr_utils.cpp
index 47f955b66..12a46cf58 100644
--- a/src/sql/engine/expr/ob_geo_expr_utils.cpp
+++ b/src/sql/engine/expr/ob_geo_expr_utils.cpp
@@ -318,7 +318,7 @@ int ObGeoExprUtils::parse_axis_order(const ObString option_str,
           axis_order_key.assign_ptr(option_str.ptr()+str_start_pos, pos-str_start_pos);
           if (axis_order_key.case_compare(ObString("axis-order"))) {
             ret = OB_ERR_INVALID_OPTION_KEY;
-            strncpy(err_str, axis_order_key.ptr(), axis_order_key.length() < STR_LEN_MAX ? axis_order_key.length() : STR_LEN_MAX);
+            strncpy(err_str, axis_order_key.ptr(), axis_order_key.length() < (STR_LEN_MAX - 1) ? axis_order_key.length() : (STR_LEN_MAX - 1));
             LOG_USER_ERROR(OB_ERR_INVALID_OPTION_KEY, err_str, func_name);
             LOG_WARN("failed to parse axis-order, the key must be axis-order", K(ret));
           }
@@ -351,14 +351,14 @@ int ObGeoExprUtils::parse_axis_order(const ObString option_str,
         }
       }
       if (OB_FAIL(ret)) {
-        strncpy(err_str, axis_order_key.ptr(), axis_order_key.length() < STR_LEN_MAX ? axis_order_key.length() : STR_LEN_MAX);
+        strncpy(err_str, axis_order_key.ptr(), axis_order_key.length() < (STR_LEN_MAX - 1) ? axis_order_key.length() : (STR_LEN_MAX - 1));
         char val_err_str[STR_LEN_MAX] = {0}; // cstyle err string
         strncpy(val_err_str, axis_order_val.ptr(), axis_order_val.length() < (STR_LEN_MAX - 1) ? axis_order_val.length() : (STR_LEN_MAX - 1));
         LOG_USER_ERROR(OB_ERR_INVALID_OPTION_VALUE, val_err_str, err_str, func_name);
       }
     } else if (ret == OB_INVALID_OPTION) {
       ret = OB_ERR_INVALID_OPTION_KEY_VALUE_PAIR;
-      strncpy(err_str, option_str.ptr(), option_str.length() < STR_LEN_MAX ? option_str.length() : STR_LEN_MAX);
+      strncpy(err_str, option_str.ptr(), option_str.length() < (STR_LEN_MAX - 1) ? option_str.length() : (STR_LEN_MAX - 1));
       LOG_USER_ERROR(OB_ERR_INVALID_OPTION_KEY_VALUE_PAIR, err_str, '=', func_name);
     }
   }