diff --git a/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp b/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp
index d2a26ef0..3bd457d6 100644
--- a/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp
+++ b/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp
@@ -144,6 +144,7 @@ SharedBufferBase::~SharedBufferBase() {
   const char* detailedError = "";
   *_aidl_return = 0;  // bytes decrypted
 
+  native_handle_t* handle = nullptr;
   uint8_t* srcPtr = nullptr;
   void* destPtr = nullptr;
   // Convert parameters to the form the CDM wishes to consume them in.
@@ -159,6 +160,7 @@ SharedBufferBase::~SharedBufferBase() {
     }
 
     const auto NON_SECURE = DestinationBuffer::Tag::nonsecureMemory;
+    const auto SECURE = DestinationBuffer::Tag::secureMemory;
     if (in_args.destination.getTag() == NON_SECURE) {
       const SharedBuffer& dest = in_args.destination.get<NON_SECURE>();
       if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) {
@@ -218,10 +220,8 @@ SharedBufferBase::~SharedBufferBase() {
       }
       destPtr = static_cast<void*>(
           dest->mBase + in_args.destination.get<NON_SECURE>().offset);
-    } else if (in_args.destination.getTag() ==
-               DestinationBuffer::Tag::secureMemory) {
-      native_handle_t* handle = android::makeFromAidl(
-          in_args.destination.get<DestinationBuffer::Tag::secureMemory>());
+    } else if (in_args.destination.getTag() == SECURE) {
+      handle = android::makeFromAidl(in_args.destination.get<SECURE>());
       destPtr = static_cast<void*>(handle);
     }
   }  // lock_guard scope
@@ -276,6 +276,7 @@ SharedBufferBase::~SharedBufferBase() {
   // Decrypt
   std::string errorDetailMsg;
   Status res = attemptDecrypt(params, hasProtectedData, &errorDetailMsg);
+  native_handle_delete(handle);
   if (res != Status::OK) {
     detailedError = errorDetailMsg.data();
     return toNdkScopedAStatus(res, detailedError);