diff --git a/interfaces/kits/js/src/mod_fs/class_watcher/watcher_entity.cpp b/interfaces/kits/js/src/mod_fs/class_watcher/watcher_entity.cpp
index 2cdb84a7eb63b19fc78df5a7a54d675f58989aea..41e2fdf4878a83fd5d5812212757c9ee0dca21a1 100644
--- a/interfaces/kits/js/src/mod_fs/class_watcher/watcher_entity.cpp
+++ b/interfaces/kits/js/src/mod_fs/class_watcher/watcher_entity.cpp
@@ -194,6 +194,18 @@ void FileWatcher::ReadNotifyEvent(WatcherCallback callback)
     while (((len = read(notifyFd_, &buf, sizeof(buf))) < 0) && (errno == EINTR)) {};
     while (index < len) {
         event = reinterpret_cast<inotify_event *>(buf + index);
+        if (sizeof(struct inotify_event) > (len - index)) {
+            HILOGE("out of bounds access, len: %lu, index: %d, inotify: %zu",
+                    static_cast<unsigned long>(len), index, sizeof(struct inotify_event));
+            break;
+        }
+        if (static_cast<unsigned int>(event->len) > 
+           (static_cast<unsigned int>(len - index - sizeof(struct inotify_event)))) {
+            HILOGE("out of bounds access, index: %d, inotify: %zu, event :%lu, len: %lu",
+                    index, sizeof(struct inotify_event),
+                    static_cast<unsigned long>(event->len), static_cast<unsigned long>(len));
+            break;
+        }
         NotifyEvent(event, callback);
         index += sizeof(struct inotify_event) + static_cast<int>(event->len);
     }