diff --git a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
index 89766e8710ea91aff07ed7885a5e1ff45238738d..68e2ffbf40d6f31ab93baf01e19e45a9e7a26a89 100644
--- a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
@@ -18,6 +18,7 @@
 #include "parcel_utils.h"
 #include "permission_state_full_parcel.h"
 
+#define MAX_PERMLIST_SIZE 256
 namespace OHOS {
 namespace Security {
 namespace AccessToken {
@@ -30,7 +31,9 @@ bool HapTokenInfoForSyncParcel::Marshalling(Parcel& out) const
     const std::vector<PermissionStateFull>& permStateList = this->hapTokenInfoForSyncParams.permStateList;
     int32_t permStateListSize = static_cast<int32_t>(permStateList.size());
     RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
-
+    if(permStateListSize > MAX_PERMLIST_SIZE) {
+        return false;
+    }
     for (int i = 0; i < permStateListSize; i++) {
         PermissionStateFullParcel permStateParcel;
         permStateParcel.permStatFull = permStateList[i];