Add allocation guards to GPU read and VRT read paths#1196
Merged
brendancol merged 4 commits intomasterfrom Apr 15, 2026
Merged
Conversation
Two security fixes for the geotiff subpackage: 1. Add a configurable max_pixels guard to read_to_array() and all internal read functions (_read_strips, _read_tiles, _read_cog_http). A crafted TIFF with fabricated header dimensions could previously trigger multi-TB allocations. The default limit is 1 billion pixels (~4 GB for float32 single-band), overridable via max_pixels kwarg. Fixes #1184. 2. Canonicalize VRT source filenames with os.path.realpath() after resolving relative paths. Previously, a VRT file with "../" in SourceFilename could read arbitrary files outside the VRT directory. Fixes #1185.
os.path.realpath() converts Unix-style paths to Windows paths on Windows (e.g. /data/tile.tif becomes D:\data\tile.tif). Use os.path.realpath() in the assertion so it matches the production code's canonicalization on all platforms.
_check_dimensions() was added to CPU read paths in 521956a but missed two allocation sites: read_geotiff_gpu() allocated from IFD dimensions without a pixel limit, and read_vrt() allocated from VRT XML dimensions without one. Both now call _check_dimensions() before allocating. Adds max_pixels kwarg to open_geotiff, read_geotiff_gpu, and read_vrt for consistency with read_to_array.
Resolve add/add conflict in test_security.py by keeping the GPU-read and VRT allocation guard tests from this branch alongside the base security tests that landed on master via #1189.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #1195.
Summary
read_geotiff_gpu()now calls_check_dimensions()before passing IFD dimensions to GPU decode functionsread_vrt()now calls_check_dimensions()before allocating the output array from VRT XML dimensionsopen_geotiff,read_geotiff_gpu, andread_vrtaccept amax_pixelskwarg, consistent withread_to_arrayBoth paths were missed by 521956a, which only guarded the CPU read functions.
Test plan
test_open_geotiff_max_pixels-- verifiesmax_pixelsflows throughopen_geotiffto CPU readertest_read_vrt_rejects_huge_dimensions-- VRT with 100k x 100k dims rejectedtest_read_vrt_normal_size_ok-- 4x4 VRT passes guardtest_open_geotiff_vrt_max_pixels-- verifiesmax_pixelsflows throughopen_geotiffto VRT reader