diff --git a/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp b/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
index 9f77d49df39c7e271a3d9ca53d0e9a9b9418a648..e411c3e6aed596b896da0e000812516b78d19c25 100644
--- a/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
+++ b/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
@@ -202,6 +202,18 @@ void FsFileWatcher::ReadNotifyEvent()
 
     while (index < len) {
         event = reinterpret_cast<inotify_event *>(buf + index);
+        if ((len - index) < sizeof(struct inotify_event)) {
+            HILOGE("out of bounds access, len:%{public}d, index: %{public}d, inotify: %{public}zu",
+                   len, index, sizeof(struct inotify_event));
+            break;
+        }
+        if (event->len > (static_cast<unsigned int>(len - index - sizeof(struct inotify_event)))) {
+            HILOGE("out of bounds access, index: %{public}d, inotify: %{public}zu, "
+                   "event :%{public}u, len: %{public}d",
+                   index, sizeof(struct inotify_event),
+                   event->len, len);
+            break;
+        }
         NotifyEvent(event);
         index += sizeof(struct inotify_event) + static_cast<int32_t>(event->len);
     }