// by the standard library.
package ioutil

import (
	"errors"
	"io"
)

// ErrOverread is returned to the reader when the hard limit of HardLimitReader is exceeded.
var ErrOverread = errors.New("input provided more bytes than specified")

// HardLimitReader returns a Reader that reads from r
// but returns an error if the source provides more data than allowed.

// Calling Close on this will close upstream.
func NewChecker(rc io.ReadCloser, h hash.Hash, wantSum []byte, length int64) *Checker {
	return &Checker{c: rc, r: ioutil.HardLimitReader(rc, length), h: h, want: wantSum}
}

// Read satisfies io.Reader
func (c Checker) Read(p []byte) (n int, err error) {
	n, err = c.r.Read(p)
	if n > 0 {
		c.h.Write(p[:n])
	}
	if errors.Is(err, io.EOF) {

		r.checksum = MD5
		r.contentSHA256 = SHA256
		if r.size < 0 && size >= 0 {
			r.src = etag.Wrap(ioutil.HardLimitReader(r.src, size), r.src)
			r.size = size
		}
		if r.actualSize <= 0 && actualSize >= 0 {
			r.actualSize = actualSize
		}
		return r, nil
	}

	if size >= 0 {
		r := ioutil.HardLimitReader(src, size)
		if !disableMD5 {
			if _, ok := src.(etag.Tagger); !ok {

	ctx := r.Context()

	objectAPI, creds := validateAdminReq(ctx, w, r, policy.StartBatchJobAction)
	if objectAPI == nil {
		return
	}

	buf, err := io.ReadAll(xioutil.HardLimitReader(r.Body, humanize.MiByte*4))
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	user := creds.AccessKey
	if creds.ParentUser != "" {

			bytebufferpool.Put(buf)
		}()

		md5w := md5.New()

		// Maximum allowed fan-out object size.
		const maxFanOutSize = 16 << 20

		n, err := io.Copy(io.MultiWriter(buf, md5w), ioutil.HardLimitReader(pReader, maxFanOutSize))
		if err != nil {
			writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
			return
		}

		// Set the correct hex md5sum for the fan-out stream.