#read #limit


Restrict the number of bytes read from a reader

4 releases (2 breaking)

0.3.0 Dec 1, 2020
0.2.0 May 11, 2020
0.1.1 May 9, 2020
0.1.0 May 9, 2020

#501 in Rust patterns

48 downloads per month
Used in imserious


164 lines

Cargo Documentation CI


Enforce a strict limit on the number of bytes read from a Read with an error when exceeded.


pub fn read<P: AsRef<Path>>(path: P, restriction: usize) -> io::Result<Vec<u8>>;
pub fn read_to_string<P: AsRef<Path>>(path: P, restriction: usize) -> io::Result<String>;

pub trait ReadExt {
    fn restrict(self, restriction: u64) -> Restrict<Self>;

impl<R: Read> ReadExt for R {}

impl<T> Restrict<T> {
    pub fn restriction(&self) -> u64;
    pub fn set_restriction(&mut self, restriction: u64);
    pub fn into_inner(self) -> T;
    pub fn get_ref(&self) -> &T;
    pub fn get_mut(&mut self) -> &mut T;

impl<T: Read> Read for Restrict<T> {}
impl<T: BufRead> BufRead for Restrict<T> {}


An adaptor around Rust's standard io::Take which instead of returning Ok(0) when the read limit is exceeded, instead returns an error of of the kind ErrorKind::InvalidData.

This is intended for enforcing explicit input limits when simply truncating with take could result in incorrect behaviour.

read_restrict also offers restricted variants of std::fs::read and std::fs::read_to_string, to conveniently prevent unbounded reads of overly-large files.


use std::io::{Read, Result, ErrorKind};
use read_restrict::ReadExt;

fn main() -> Result<()> {
    let f = std::fs::File::open("foo.txt")?;
    let mut handle = f.restrict(5);
    let mut buf = [0; 8];
    assert_eq!(5, handle.read(&mut buf)?); // reads at most 5 bytes
    assert_eq!(0, handle.restriction()); // is now exhausted
    assert_eq!(ErrorKind::InvalidData, handle.read(&mut buf).unwrap_err().kind());

Or more realistically:

use read_restrict::ReadExt;

fn main() -> std::io::Result<()> {
    let input = std::fs::File::open("foo.json")?;
    let input = std::io::BufReader::new(input); // buffer for performance
    let input = input.restrict(640 * 1024); // 640k should be enough JSON for anyone
    let _data = serde_json::from_reader(input)?;

Or even better:

fn main() -> std::io::Result<()> {
    let input = read_restrict::read_to_string("foo.json", 640 * 1024)?;
    let _data = serde_json::from_str(input)?;

No runtime deps