diff --git a/components/bt/host/bluedroid/bta/hf_ag/bta_ag_sdp.c b/components/bt/host/bluedroid/bta/hf_ag/bta_ag_sdp.c
index 60688c49241..30e01139a92 100644
--- a/components/bt/host/bluedroid/bta/hf_ag/bta_ag_sdp.c
+++ b/components/bt/host/bluedroid/bta/hf_ag/bta_ag_sdp.c
@@ -243,13 +243,16 @@ void bta_ag_del_records(tBTA_AG_SCB *p_scb, tBTA_AG_DATA *p_data)
 UNUSED(p_data);
 /* get services of all other registered servers */
- for (i = 0; i < BTA_AG_NUM_IDX; i++, p++) {
+ for (i = 0; i < BTA_AG_NUM_IDX; i++) {
 if (p_scb == p) {
 continue;
 }
 if (p->in_use && p->dealloc == FALSE) {
 others |= p->reg_services;
 }
+ if (i < BTA_AG_NUM_SCB) {
+ p++;
+ }
 }
 others >>= BTA_HSP_SERVICE_ID;
 services = p_scb->reg_services >> BTA_HSP_SERVICE_ID;
diff --git a/components/bt/host/bluedroid/bta/jv/bta_jv_act.c b/components/bt/host/bluedroid/bta/jv/bta_jv_act.c
index 5f521762703..2af53038276 100644
--- a/components/bt/host/bluedroid/bta/jv/bta_jv_act.c
+++ b/components/bt/host/bluedroid/bta/jv/bta_jv_act.c
@@ -1199,10 +1199,15 @@ void bta_jv_delete_record(tBTA_JV_MSG *p_data)
 *******************************************************************************/
 static void bta_jv_l2cap_client_cback(UINT16 gap_handle, UINT16 event)
 {
+ if (gap_handle >= BTA_JV_MAX_L2C_CONN) {
+ APPL_TRACE_WARNING("Invalid gap_handle: %u", gap_handle);
+ return;
+ }
+
 tBTA_JV_L2C_CB *p_cb = &bta_jv_cb.l2c_cb[gap_handle];
 tBTA_JV evt_data = {0};
- if (gap_handle >= BTA_JV_MAX_L2C_CONN && !p_cb->p_cback) {
+ if (!p_cb->p_cback) {
 return;
 }
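Review bot: In bta_ag_del_records (bta_ag_sdp.c), moving `p++` out of the `for` header means the `continue` taken when `p_scb == p` now skips the increment, so `p` stays on `p_scb` for every remaining iteration and no later control block is ever added to `others`. The `i < BTA_AG_NUM_SCB` guard is also one too permissive: on the last iteration where it holds, `p` moves one past the final entry and is dereferenced on the next pass, assuming `p` walks an array of BTA_AG_NUM_SCB entries (its declaration is outside the hunk). If that assumption is right, bounding the loop by the array size and keeping the increment in the header avoids both problems: `for (i = 0; i < BTA_AG_NUM_SCB; i++, p++) {`. The function begins before and continues past this hunk, so how `others` is consumed afterwards should be checked against that change.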
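Review bot: The warning added at the top of bta_jv_l2cap_client_cback (bta_jv_act.c) is the same string as the one added to bta_jv_l2cap_server_cback in the later hunk, so a log line cannot show which callback rejected the handle. An out-of-range handle reaching either callback most likely indicates a fault lower in the stack, and naming the source makes it traceable, for example `APPL_TRACE_WARNING("%s: invalid gap_handle %u", __func__, gap_handle);` in both functions. The function-header comments could also state that handles at or above BTA_JV_MAX_L2C_CONN are dropped before `l2c_cb` is indexed. Both function bodies continue past their hunks.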
@@ -1354,12 +1359,17 @@ void bta_jv_l2cap_close(tBTA_JV_MSG *p_data)
 *******************************************************************************/
 static void bta_jv_l2cap_server_cback(UINT16 gap_handle, UINT16 event)
 {
+ if (gap_handle >= BTA_JV_MAX_L2C_CONN) {
+ APPL_TRACE_WARNING("Invalid gap_handle: %u", gap_handle);
+ return;
+ }
+
 tBTA_JV_L2C_CB *p_cb = &bta_jv_cb.l2c_cb[gap_handle];
 tBTA_JV evt_data = {0};
 tBTA_JV_L2CAP_CBACK *p_cback;
 void *user_data;
- if (gap_handle >= BTA_JV_MAX_L2C_CONN && !p_cb->p_cback) {
+ if (!p_cb->p_cback) {
 return;
 }