The stripped branch of `_fetch_decode_cog_http_tiles` in `xrspatial/geotiff/_reader.py` (around line 2003) calls `source.read_all()` and then slices the decoded array. Two issues:

1. A windowed HTTP read of a stripped multi-billion-pixel COG still downloads the whole raster. The tiled branch a few lines below explicitly promises otherwise: "A windowed HTTP read of a multi-billion-pixel COG only allocates the window." The stripped path silently violates that.
2. The caller's `max_pixels` is dropped. `_read_strips` runs with its default `MAX_PIXELS_DEFAULT` (1 billion), so a 50x50 window read with `max_pixels=2500` against a 100k x 100k stripped image raises `PixelSafetyLimitError` if the file declares over a billion pixels, and gets no safety check otherwise. Neither matches the tiled branch behaviour from Apply tile byte cap to local files + SSRF hardening on HTTP geotiff reads #1664 / VRT source reads with small max_pixels reject normal-tile sources #1823.

Fix: for stripped HTTP files with a non-None window, fetch only the byte ranges of strips intersecting `[r0:r1]` via `read_ranges_coalesced` (same as the tiled path), decode them, and place the result into a windowed output. Apply `max_pixels` to the windowed `(r1-r0)*(c1-c0)*samples` allocation, not the full image. When window is None, keep the full read but pass `max_pixels` into `_read_strips` so the dimension check honours the caller's cap.

Related: #1664, #1823.
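
A sketch of the planning step the proposed fix describes, added here as an illustration and not taken from xrspatial: it checks `max_pixels` against the window, selects the strips intersecting `[r0:r1]`, and merges their byte ranges. `StripLayout`, `plan_windowed_strip_read`, `PixelLimitError` and the `max_gap` parameter are hypothetical names, and the sample layout is constructed.

```python
from dataclasses import dataclass

class PixelLimitError(ValueError):
    """Hypothetical stand-in for the project's PixelSafetyLimitError."""

@dataclass(frozen=True)
class StripLayout:          # hypothetical container for the TIFF strip tags
    height: int             # ImageLength
    width: int              # ImageWidth
    samples: int            # SamplesPerPixel
    rows_per_strip: int     # RowsPerStrip
    offsets: tuple          # StripOffsets
    byte_counts: tuple      # StripByteCounts

def plan_windowed_strip_read(layout, window, max_pixels, max_gap=0):
    """Return (strip_indices, coalesced_byte_ranges) for window (r0, r1, c0, c1)."""
    r0, r1, c0, c1 = window
    if not (0 <= r0 < r1 <= layout.height and 0 <= c0 < c1 <= layout.width):
        raise ValueError("window outside image bounds")
    # Cap the allocation the read will actually make: the window, not the image.
    needed = (r1 - r0) * (c1 - c0) * layout.samples
    if needed > max_pixels:
        raise PixelLimitError(f"window needs {needed} > max_pixels={max_pixels}")
    if len(layout.offsets) != len(layout.byte_counts):
        raise ValueError("StripOffsets and StripByteCounts differ in length")
    first = r0 // layout.rows_per_strip
    last = (r1 - 1) // layout.rows_per_strip   # inclusive
    if last >= len(layout.offsets):
        raise ValueError("strip tables shorter than the declared image height")
    strips = list(range(first, last + 1))
    # Strips span the full image width, so columns are cut after decoding;
    # only the row extent decides which bytes are requested.
    ranges = []
    for off, n in sorted((layout.offsets[i], layout.byte_counts[i]) for i in strips):
        if ranges and off <= ranges[-1][1] + max_gap:
            ranges[-1][1] = max(ranges[-1][1], off + n)   # extend previous range
        else:
            ranges.append([off, off + n])
    return strips, [tuple(r) for r in ranges]

# Constructed sample: 100k x 100k single-band image, 16 rows per strip,
# 1000-byte strips stored back to back starting at byte 8.
_N = -(-100_000 // 16)  # 6250 strips
SAMPLE = StripLayout(100_000, 100_000, 1, 16,
                     tuple(8 + 1000 * i for i in range(_N)), (1000,) * _N)
```

With the sample layout, a 50x50 window under `max_pixels=2500` resolves to four strips and one 4000-byte range, rather than the 6250 strips a full read would fetch.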