From 1664187480ca7437f9663b585bb5a306f29341b4 Mon Sep 17 00:00:00 2001
From: yangbiao59 <yangbiao59@h-partners.com>
Date: Mon, 28 Jul 2025 11:41:22 +0000
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: yangbiao59 <yangbiao59@h-partners.com>
---
 .../js/src/mod_fs/class_watcher/fs_file_watcher.cpp  | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp b/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
index 9f77d49df..e411c3e6a 100644
--- a/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
+++ b/interfaces/kits/js/src/mod_fs/class_watcher/fs_file_watcher.cpp
@@ -202,6 +202,18 @@ void FsFileWatcher::ReadNotifyEvent()
 
     while (index < len) {
         event = reinterpret_cast<inotify_event *>(buf + index);
+        if ((len - index) < sizeof(struct inotify_event)) {
+            HILOGE("out of bounds access, len:%{public}d, index: %{public}d, inotify: %{public}zu",
+                   len, index, sizeof(struct inotify_event));
+            break;
+        }
+        if (event->len > (static_cast<unsigned int>(len - index - sizeof(struct inotify_event)))) {
+            HILOGE("out of bounds access, index: %{public}d, inotify: %{public}zu, "
+                   "event :%{public}u, len: %{public}d",
+                   index, sizeof(struct inotify_event),
+                   event->len, len);
+            break;
+        }
         NotifyEvent(event);
         index += sizeof(struct inotify_event) + static_cast<int32_t>(event->len);
     }
-- 
Gitee