diff --git a/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h b/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
index 5c9d2a9da3c9abddb6a24f837e893bdfdd561803..4003622e9f68b4172c48a25573675641ead0366d 100644
--- a/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
+++ b/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
@@ -119,6 +119,7 @@ enum {
     ERR_APPEXECFWK_PARSE_PROFILE_MISSING_PROP,
     ERR_APPEXECFWK_PARSE_PERMISSION_ERROR,
     ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR,
+    ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
     ERR_APPEXECFWK_PARSE_RPCID_FAILED,
 
     ERR_APPEXECFWK_INSTALLD_PARAM_ERROR,
diff --git a/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h b/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
index bc65f1281590b70ac5c442783aa0f03aaede6419..1ef4591c82450426f829a6e5f391be9cdc27424c 100644
--- a/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
+++ b/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
@@ -175,6 +175,8 @@ constexpr uint8_t MAX_MODULE_ABILITIES_READPERMISSION = 255;
 constexpr uint8_t MAX_MODULE_ABILITIES_WRITEPERMISSION = 255;
 constexpr uint8_t MAX_MODULE_SHORTCUTID = 63;
 constexpr uint8_t MAX_MODULE_LABEL = 63;
+constexpr uint8_t MAX_JSON_ELEMENT_LENGTH = 255;
+constexpr uint16_t MAX_JSON_ARRAY_LENGTH = 512;
 // max number of haps under one direction
 constexpr uint8_t MAX_HAP_NUMBER = 128;
 
diff --git a/interfaces/innerkits/appexecfwk_base/include/json_util.h b/interfaces/innerkits/appexecfwk_base/include/json_util.h
index 0f8815ddf316f00642faf2b269a619cca2b33234..f4e97569310b498dfcece732f7083a5eb5c44193 100644
--- a/interfaces/innerkits/appexecfwk_base/include/json_util.h
+++ b/interfaces/innerkits/appexecfwk_base/include/json_util.h
@@ -48,6 +48,10 @@ void CheckArrayType(
     if (arrays.empty()) {
         return;
     }
+    if (arrays.size() > Constants::MAX_JSON_ARRAY_LENGTH) {
+        parseResult = ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR;
+        return;
+    }
     switch (arrayType) {
         case ArrayType::STRING:
             for (const auto &array : arrays) {
@@ -141,6 +145,9 @@ void GetValueIfFindKey(const nlohmann::json &jsonObject, const nlohmann::detail:
                     break;
                 }
                 data = jsonObject.at(key).get<T>();
+                if (jsonObject.at(key).get<std::string>().length() > Constants::MAX_JSON_ELEMENT_LENGTH) {
+                    parseResult = ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR;
+                }
                 break;
             case JsonType::NULLABLE:
                 APP_LOGE("type is error %{public}s is nullable", key.c_str());
@@ -183,4 +190,4 @@ bool ParseInfoFromJsonStr(const char *data, T &t)
 }
 }  // namespace AppExecFwk
 }  // namespace OHOS
-#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_JSON_UTIL_H
\ No newline at end of file
+#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_JSON_UTIL_H
diff --git a/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h b/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
index 43119a3e74e95a44807c9616957e527e5ba7320e..0af93d472d36f8761adf70d48a0e2b81fec53c4e 100644
--- a/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
+++ b/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
@@ -107,6 +107,7 @@ public:
         ERR_INSTALL_PARSE_PROFILE_MISSING_PROP,
         ERR_INSTALL_PARSE_PERMISSION_ERROR,
         ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR,
+        ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
         ERR_INSTALL_PARSE_RPCID_FAILED,
 
         ERR_INSTALLD_PARAM_ERROR,
@@ -144,4 +145,4 @@ public:
 };
 }  // namespace AppExecFwk
 }  // namespace OHOS
-#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_STATUS_RECEIVER_INTERFACE_H
\ No newline at end of file
+#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_STATUS_RECEIVER_INTERFACE_H
diff --git a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
index 98ec64ff588904d1ee77790dc387d79c90aef343..f6e9dc17e609224e30049e9fbd3a0e2737dfa3d6 100644
--- a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
+++ b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
@@ -196,6 +196,8 @@ std::string TransformResult(ErrCode resultCode)
             return "ERR_APPEXECFWK_INSTALL_NOT_UNIQUE_DISTRO_MODULE_NAME";
         case ERR_APPEXECFWK_INSTALL_INCONSISTENT_MODULE_NAME:
             return "ERR_APPEXECFWK_INSTALL_INCONSISTENT_MODULE_NAME";
+        case ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR:
+            return "ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR";
         default:
             return "";
     }
diff --git a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
index 4b85beacadedc5181f130bb96803b43dd679bcda..a99eaee8d6f8f38b7fe7b99fdfb7e01387f38e69 100644
--- a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
+++ b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
@@ -97,6 +97,7 @@ const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_TYPE_ERROR = "[ERR_INSTALL_
 const std::string MSG_ERR_INSTALL_PARSE_PROFILE_MISSING_PROP = "[ERR_INSTALL_PARSE_PROFILE_MISSING_PROP]";
 const std::string MSG_ERR_INSTALL_PARSE_PERMISSION_ERROR = "[ERR_INSTALL_PARSE_PERMISSION_ERROR]";
 const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR = "[ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR]";
+const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR = "[ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR]";
 const std::string MSG_ERR_INSTALL_PARSE_RPCID_FAILED = "[ERR_INSTALL_PARSE_RPCID_FAILED]";
 
 const std::string MSG_ERR_INSTALLD_CLEAN_DIR_FAILED = "[MSG_ERR_INSTALLD_CLEAN_DIR_FAILED]";
@@ -253,6 +254,9 @@ const std::map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
         {IStatusReceiver::ERR_INSTALL_PARSE_PERMISSION_ERROR, MSG_ERR_INSTALL_PARSE_PERMISSION_ERROR}},
     {ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR,
         {IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR, MSG_ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR}},
+    {ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
+        {IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
+            MSG_ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR}},
     {ERR_APPEXECFWK_PARSE_RPCID_FAILED,
         {IStatusReceiver::ERR_INSTALL_PARSE_RPCID_FAILED, MSG_ERR_INSTALL_PARSE_RPCID_FAILED}},
 
@@ -401,4 +405,4 @@ void StatusReceiverProxy::TransformResult(const int32_t resultCode)
     APP_LOGD("result transformed is %{public}d, %{public}s", resultCode_, resultMsg_.c_str());
 }
 }  // namespace AppExecFwk
-}  // namespace OHOS
\ No newline at end of file
+}  // namespace OHOS
diff --git a/kits/appkit/napi/bundlemgr/bundle_mgr.cpp b/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
index 7120b3baf4f3ab29587c56c33d3b835e8f96a6cb..d96c35490509d1877214ee2b894c8a2b3095cc64 100644
--- a/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
+++ b/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
@@ -2702,6 +2702,7 @@ static void ConvertInstallResult(InstallResult &installResult)
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_NO_PROFILE_BLOCK_FAIL):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_VERIFY_SOURCE_INIT_FAIL):
+        case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR):
             installResult.resultCode = static_cast<int32_t>(InstallErrorCode::STATUS_INSTALL_FAILURE_INVALID);
             installResult.resultMsg = "STATUS_INSTALL_FAILURE_INVALID";
             break;
@@ -6364,4 +6365,4 @@ void CreateExtensionAbilityTypeObject(napi_env env, napi_value value)
     NAPI_CALL_RETURN_VOID(env, napi_set_named_property(env, value, "UNSPECIFIED", nUnspecified));
 }
 }  // namespace AppExecFwk
-}  // namespace OHOS
\ No newline at end of file
+}  // namespace OHOS