Filter NewSubfileType / SubIFDs from extra_tags leakage (#1657)

[brendancol]

Summary

Fixes #1657. Reading a TIFF overview level or any TIFF carrying tag 254 (NewSubfileType) or 330 (SubIFDs) used to leak those tags into the returned DataArray's attrs['extra_tags'] because neither was in _MANAGED_TAGS. A subsequent to_geotiff or write_geotiff_gpu call then re-emitted them onto the output IFD, producing two distinct corruption modes:

• NewSubfileType=1 written onto the primary IFD, so GDAL / rasterio filter the output away when looking for the primary image.
• SubIFDs with stale absolute byte offsets pointing into the new file's pixel data, crashing readers that follow the chain.

All four backends (numpy, dask, cupy, dask+cupy) leaked identically since they share _populate_attrs_from_geo_info.

Fix

• Add TAG_NEW_SUBFILE_TYPE and TAG_SUB_IFDS to _MANAGED_TAGS in _geotags.py so neither is collected into GeoInfo.extra_tags on read.
• Add a new _DANGEROUS_EXTRA_TAG_IDS frozenset in _writer.py and skip the same two IDs in both extra_tags emission loops (_assemble_tiff and write_streaming). This is a belt-and-braces guard against caller-supplied dangerous attrs['extra_tags'].
• 11 regression tests covering read overview on all four backends, SubIFDs leak from a multi-page source, round-trip overview -> write on three backends, and writer-side filtering of caller-supplied dangerous extra_tags (with a benign Software (305) canary to confirm the filter is not too aggressive).

Test plan

• All 11 new regression tests pass on numpy / dask / cupy / dask+cupy
• Full xrspatial/geotiff/tests/ suite still passes (1477 passed, 7 skipped, no regressions)
• End-to-end probe: read overview level 1 then to_geotiff produces a primary IFD with no NewSubfileType and no SubIFDs

Context

Caught by the /sweep-metadata audit (Cat 1 attrs + Cat 5 cross-backend consistency). The leak was identical on all four backends -- numpy, dask, cupy, dask+cupy -- because the extra_tags field travels through the shared _populate_attrs_from_geo_info helper.

[Copilot]

Pull request overview

Fixes GeoTIFF metadata corruption caused by NewSubfileType (254) and SubIFDs (330) leaking through attrs['extra_tags'] on read and being re-emitted on write, which could mis-mark the primary IFD as an overview and/or write stale absolute SubIFD offsets.

Changes:

• Filter NewSubfileType and SubIFDs out of read-side extra_tags by adding them to _MANAGED_TAGS.
• Add a writer-side “belt-and-braces” denylist (_DANGEROUS_EXTRA_TAG_IDS) to prevent caller-supplied extra_tags from emitting these IDs.
• Add regression tests covering overview reads across backends, SubIFDs leak prevention, and writer-side filtering behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
xrspatial/geotiff/tests/test_extra_tags_safe_filter_1657.py	New regression coverage to ensure tags 254/330 don’t leak into attrs['extra_tags'] and aren’t re-emitted on write.
xrspatial/geotiff/_writer.py	Filters dangerous tag IDs from extra_tags emission in _assemble_tiff and write_streaming.
xrspatial/geotiff/_header.py	Adds TAG_SUB_IFDS = 330 constant for shared tag ID usage.
xrspatial/geotiff/_geotags.py	Treats TAG_NEW_SUBFILE_TYPE and TAG_SUB_IFDS as managed so they don’t flow into GeoInfo.extra_tags.
.claude/sweep-metadata-state.csv	Updates audit state record to reflect issue #1657 as inspected/fixed.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.