diff --git a/libopaeuio/opaeuio.c b/libopaeuio/opaeuio.c
index 764445b1dece..0543878028d6 100644
--- a/libopaeuio/opaeuio.c
+++ b/libopaeuio/opaeuio.c
@@ -58,6 +58,9 @@
 fprintf(stderr, "%s:%u:%s() **ERROR** [%s] : " format , \
 	__SHORT_FILE__, __LINE__, __func__, strerror(errno), ##__VA_ARGS__)
 
+// dfl_dev.xxx
+#define MAX_DFL_DEVICE 11
+
 STATIC int opae_uio_read_sysfs_uint64(const char *path, uint64_t *puint)
 {
 	FILE *fp;
@@ -246,7 +249,7 @@ STATIC int opae_uio_init(struct opae_uio *u, const char *dfl_device)
 	glob_t globbuf;
 	int res = 0;
 	size_t len;
-	char *p;
+	char *p = NULL;
 	const char *glob_fmts[] = {
 		"/sys/bus/dfl/devices/%s/uio/uio*",
 		"/sys/bus/dfl/devices/%s/uio_pdrv_genirq.*.auto/uio/uio*",
@@ -257,6 +260,8 @@ STATIC int opae_uio_init(struct opae_uio *u, const char *dfl_device)
 	memset(u, 0, sizeof(*u));
 	u->device_fd = -1;
 
+	memset(&globbuf, 0, sizeof(globbuf));
+
 	// Use glob to discover the uio device name.
 	for (i = 0 ; glob_fmts[i] ; ++i) {
 		int glob_res;
@@ -345,6 +350,12 @@ int opae_uio_open(struct opae_uio *u, const char *dfl_device)
 		return 1;
 	}
 
+	if (strlen(dfl_device) > MAX_DFL_DEVICE) {
+		ERR("%s is too long to be a DFL device name.\n",
+		    dfl_device);
+		return 2;
+	}
+
 	return opae_uio_init(u, dfl_device);
 }