[BUGFIX] Check simplexml return type in ImageInfo

According to the php documentation[1] simplexml_load_file may return
false on failure. We need to check for this before we call the
attributes method on the expected SimpleXMLElement.

[1] http://php.net/manual/en/function.simplexml-load-file.php

Resolves: #79881
Releases: master, 8.7
Change-Id: Ic84710ab56796e9aafc5a85c8e41d7b08a676e0c
Reviewed-on: https://review.typo3.org/51735


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

typo3/sysext/core/Classes/Type/File/ImageInfo.php

@@ -92,7 +92,13 @@ class ImageInfo extends FileInfo implements LoggerAwareInterface
         $fileContent = file_get_contents($this->getPathname());
         // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
         $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
-        $xml = simplexml_load_string($fileContent);
+        $xml = simplexml_load_string($fileContent, 'SimpleXMLElement', LIBXML_NOERROR);
+
+        // If something went wrong with simpleXml don't try to read information
+        if ($xml === false) {
+            return false;
+        }
+
         libxml_disable_entity_loader($previousValueOfEntityLoader);
         $xmlAttributes = $xml->attributes();
 

typo3/sysext/core/Tests/Unit/Type/File/ImageInfoTest.php

 <?php
+
 namespace TYPO3\CMS\Core\Tests\Unit\Type\File;
 
 /*
@@ -14,18 +15,54 @@ namespace TYPO3\CMS\Core\Tests\Unit\Type\File;
  * The TYPO3 project - inspiring people to share!
  */
 
+use org\bovigo\vfs\vfsStream;
+use TYPO3\CMS\Core\Imaging\GraphicalFunctions;
+use TYPO3\CMS\Core\Type\File\ImageInfo;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Test case
  */
 class ImageInfoTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
 {
+
     /**
      * @test
      */
     public function classImageInfoCanBeInstantiated()
     {
-        $className = 'TYPO3\CMS\Core\Type\File\ImageInfo';
+        $className = \TYPO3\CMS\Core\Type\File\ImageInfo::class;
         $classInstance = new \TYPO3\CMS\Core\Type\File\ImageInfo('FooFileName');
         $this->assertInstanceOf($className, $classInstance);
     }
+
+    /**
+     * @test
+     */
+    public function doesNotBreakOnImageInfoWithInvalidSvg()
+    {
+        $root = vfsStream::setup('root');
+        $testFile = 'test.svg';
+        vfsStream::newFile($testFile)->at($root)->setContent('Invalid XML.');
+
+        $GLOBALS['TYPO3_CONF_VARS']['SYS']['FileInfo']['fileExtensionToMimeType'] = [
+            'svg' => 'image/svg+xml',
+            'youtube' => 'video/youtube',
+            'vimeo' => 'video/vimeo',
+        ];
+
+        $graphicalFunctionsProphecy = $this->prophesize(GraphicalFunctions::class);
+        $graphicalFunctionsProphecy->imageMagickIdentify($root->url() . '/' . $testFile)->willReturn(null);
+
+        $imageInfoProphecy = $this->prophesize(ImageInfo::class)
+            ->willBeConstructedWith([$root->url() . '/' . $testFile]);
+        $imageInfoProphecy->getGraphicalFunctions()->willReturn($graphicalFunctionsProphecy->reveal());
+
+        GeneralUtility::addInstance(GraphicalFunctions::class, $graphicalFunctionsProphecy->reveal());
+
+        $imageInfo = new ImageInfo($root->url() . '/' . $testFile);
+
+        $this->assertEquals(0, $imageInfo->getWidth());
+        $this->assertEquals(0, $imageInfo->getHeight());
+    }
 }