Struct Limits 

pub struct Limits {
    pub max_metadata_size: u32,
    pub max_path_len: Option<u32>,
    pub max_pending_entries: usize,
    pub max_sparse_entries: usize,
}

Configurable security limits for tar archive parsing.

These limits protect against malicious or malformed archives that could exhaust memory or create excessively long paths.

Example

use tar_core::parse::Limits;

// Use defaults
let limits = Limits::default();

// Customize limits
let limits = Limits {
    max_metadata_size: 64 * 1024,
    // Set to libc::PATH_MAX when extracting to disk
    max_path_len: Some(4096),
    ..Default::default()
};

Fields

max_metadata_size: u32

Maximum total size of all extension metadata for a single entry, in bytes.

This is an aggregate budget: the combined size of PAX extended headers, GNU long name, and GNU long link data for one file entry must not exceed this limit. Exceeding it will cause a ParseError::MetadataTooLarge error.

Default: 1 MiB (1,048,576 bytes).

max_path_len: Option<u32>

Optional maximum path length in bytes.

When set, paths and link targets exceeding this limit will cause a ParseError::PathTooLong error. When None, no path length check is performed (the default).

Callers extracting to a real filesystem should set this to libc::PATH_MAX (4096 on Linux, 1024 on macOS) or the appropriate platform constant.

Default: None.

max_pending_entries: usize

Maximum number of consecutive metadata entries before an actual entry.

Prevents infinite loops from malformed archives that contain only metadata entries (GNU long name, PAX headers) without actual file entries. Exceeding this limit will cause a ParseError::TooManyPendingEntries error.

Default: 16 entries.

max_sparse_entries: usize

Maximum number of sparse data entries (chunks) in a sparse file.

Prevents unbounded memory allocation from a malicious archive that claims an enormous number of sparse regions (see CVE-2025-58183 for a similar issue in Go’s archive/tar).

For old GNU sparse format, each 512-byte extension block holds 21 descriptors, so 1000 entries requires ~48 extension blocks (~24 KiB).

Default: 10000.

Implementations

impl Limits

pub fn new() -> Self

Create a new Limits with default values.

pub fn permissive() -> Self

Create permissive limits suitable for trusted archives.

This sets very high limits that effectively disable most checks. Only use this for archives from trusted sources.

pub fn check_path_len(&self, len: usize) -> Result<()>

Check a path length against the configured limit.

Returns Ok(()) if the path is within the limit (or no limit is set), or Err(ParseError::PathTooLong) if it exceeds it.

Trait Implementations

impl Clone for Limits

fn clone(&self) -> Limits

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Limits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Limits

fn default() -> Self

Returns the “default value” for a type.

impl PartialEq for Limits

fn eq(&self, other: &Limits) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Limits

impl StructuralPartialEq for Limits