diff --git a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
index 89766e8710ea91aff07ed7885a5e1ff45238738d..e2873bab3d0b7b35c343e5111de0b8ea5d31ece6 100644
--- a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
@@ -30,7 +30,9 @@ bool HapTokenInfoForSyncParcel::Marshalling(Parcel& out) const
     const std::vector<PermissionStateFull>& permStateList = this->hapTokenInfoForSyncParams.permStateList;
     int32_t permStateListSize = static_cast<int32_t>(permStateList.size());
     RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
-
+    if(permStateListSize > MAX_PERMLIST_SIZE) {
+        return false;
+    }
     for (int i = 0; i < permStateListSize; i++) {
         PermissionStateFullParcel permStateParcel;
         permStateParcel.permStatFull = permStateList[i];
diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
index 541bbea1d858d90fe39cca12f7b394c5a978514d..10adc93e0cb4ef59289cb3627cbe2a346c9de799 100644
--- a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
+++ b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
@@ -30,7 +30,9 @@ bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const
     const std::vector<PermissionStateFull>& permStateList = this->nativeTokenInfoForSyncParams.permStateList;
     int32_t permStateListSize = static_cast<int32_t>(permStateList.size());
     RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
-
+    if(permStateListSize > MAX_PERMLIST_SIZE) {
+        return false;
+    }
     for (int i = 0; i < permStateListSize; i++) {
         PermissionStateFullParcel permStateParcel;
         permStateParcel.permStatFull = permStateList[i];
diff --git a/frameworks/common/include/parcel_utils.h b/frameworks/common/include/parcel_utils.h
index ddc87d6884a0999ed97cdef2bd329fb517a354d9..d6b7e8b6b56f3dbc7133fad4555428a10f0d36d9 100644
--- a/frameworks/common/include/parcel_utils.h
+++ b/frameworks/common/include/parcel_utils.h
@@ -15,6 +15,7 @@
 
 #ifndef PARCEL_UTILS_H
 #define PARCEL_UTILS_H
+#define MAX_PERMLIST_SIZE 256
 namespace OHOS {
 namespace Security {
 namespace AccessToken {