diff --git a/libwvdrmengine/cdm/core/src/initialization_data.cpp b/libwvdrmengine/cdm/core/src/initialization_data.cpp
index e819aef7..8e11afb6 100644
--- a/libwvdrmengine/cdm/core/src/initialization_data.cpp
+++ b/libwvdrmengine/cdm/core/src/initialization_data.cpp
@@ -457,8 +457,7 @@ bool InitializationData::ConstructWidevineInitData(
     LOGV("Base64 decode of json data failed");
     return false;
   }
-  std::string json_string((const char*)(&json_init_data[0]),
-                          json_init_data.size());
+  const std::string json_string(json_init_data.begin(), json_init_data.end());
 
   // Parse the Json string using jsmn
   jsmn_parser parser;
@@ -516,12 +515,13 @@ bool InitializationData::ConstructWidevineInitData(
         break;
       case kContentIdState:
         if (tokens[i].type == JSMN_STRING) {
-          std::string base64_content_id(json_string, tokens[i].start,
-                                        tokens[i].end - tokens[i].start);
-          std::vector<uint8_t> content_id_data =
+          const std::string base64_content_id = json_string.substr(
+              tokens[i].start, tokens[i].end - tokens[i].start);
+          const std::vector<uint8_t> content_id_data =
               wvutil::Base64Decode(base64_content_id);
-          content_id.assign(reinterpret_cast<const char*>(&content_id_data[0]),
-                            content_id_data.size());
+          if (!content_id_data.empty()) {
+            content_id.assign(content_id_data.begin(), content_id_data.end());
+          }
         }
         state = kParseState;
         break;
diff --git a/libwvdrmengine/cdm/core/test/initialization_data_unittest.cpp b/libwvdrmengine/cdm/core/test/initialization_data_unittest.cpp
index 86cfe36d..0bdffb28 100644
--- a/libwvdrmengine/cdm/core/test/initialization_data_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/initialization_data_unittest.cpp
@@ -872,4 +872,27 @@ INSTANTIATE_TEST_SUITE_P(
         HlsAttributeVariant(kHlsAttributeListInvalidIv, HLS_IV_ATTRIBUTE,
                             kHlsTestHexValueWithOddBytes, false)));
 
+TEST_F(HlsParseTest, BadHlsData_InvalidContentId) {
+  std::ostringstream hls_uri_json_stream;
+  hls_uri_json_stream << "{";
+  hls_uri_json_stream << "\"provider\": \"HlsParseTest.BadHlsData\", ";
+  // Intentionally bad Base64 content ID.
+  hls_uri_json_stream << "\"content_id\": \"$$$$\", ";
+  hls_uri_json_stream << "\"key_ids\": [\"00000000000000000000000000000000\"]";
+  hls_uri_json_stream << "}";
+  const std::string hls_uri_json = hls_uri_json_stream.str();
+
+  std::ostringstream hls_stream;
+  hls_stream << "#EXT-X-KEY:";
+  hls_stream << "METHOD=AES-128,";
+  hls_stream << "URI=\"data:text/plain;base64,"
+             << wvutil::Base64Encode(hls_uri_json) << "\",";
+  hls_stream << "IV=0x00000000000000000000000000000000,";
+  hls_stream << "KEYFORMAT=\"com.widevine\",";
+  hls_stream << "KEYFORMATVERSIONS=\"1\"";
+  const std::string hls_data = hls_stream.str();
+  // std::cout << "HLS Data:" << std::endl << hls_data << std::endl;
+  InitializationData init_data(HLS_INIT_DATA_FORMAT, hls_data);
+  EXPECT_TRUE(init_data.is_hls());
+}
 }  // namespace wvcdm