diff --git a/components/bt/common/btc/core/btc_task.c b/components/bt/common/btc/core/btc_task.c
index 00eeb0958c..29ed09e796 100644
--- a/components/bt/common/btc/core/btc_task.c
+++ b/components/bt/common/btc/core/btc_task.c
@@ -215,7 +215,8 @@ bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg
 {
     btc_msg_t* lmsg;
 
-    if (msg == NULL) {
+    //                              arg XOR arg_len
+    if ((msg == NULL) || ((arg == NULL) == !(arg_len == 0))) {
         return BT_STATUS_PARM_INVALID;
     }
 
@@ -230,7 +231,7 @@ bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg
     if (arg) {
         lmsg->arg = (void *)osi_malloc(arg_len);
         if (lmsg->arg == NULL) {
-            free(lmsg);
+            osi_free(lmsg);
             return BT_STATUS_NOMEM;
         }
         memset(lmsg->arg, 0x00, arg_len);    //important, avoid arg which have no length