PHP 8.5: Incorrect array access in `wp_read_image_metadata`

[swissspidy]

Parent ticket for all things PHP 8.5: #63061

---

In recent WP-CLI media tests I noticed a "Cannot use bool as array" error in wp_read_image_metadata in PHP 8.5.

That function uses wp_getimagesize without checking whether it returned false or an array.

Moving to milestone for consideration/visibility, but might be a candidate for 6.9.1.

Trac ticket: https://core.trac.wordpress.org/ticket/64295

[palak678]

I ran a quick test using WordPress 6.8.3 with PHP 8.4, and tried uploading a corrupted JPEG file to reproduce the behavior described in this ticket.

Here’s what I found:

getimagesize() throws warnings about corrupted JPEG data

exif_read_data() also reports corruption (invalid COM section, broken structure, etc.)

No fatal errors, but the metadata handling definitely breaks in the same way mentioned in the ticket

Log output for reference:

PHP Warning: getimagesize(): Corrupt JPEG data: 138 extraneous bytes before marker
PHP Notice: exif_read_data(): Image has corrupt COM section: wrong length information
PHP Warning: exif_read_data(): File structure corrupted
PHP Warning: exif_read_data(): Invalid JPEG file

So the issue is definitely reproducible on PHP 8.4.
The ticket still needs a patch to prevent array-access warnings when wp_getimagesize() returns false.

Happy to re-test once a patch is available!

[swissspidy]

There is already a patch above... and the warning lccurs on PHP 8.5

[adamsilverstein]

Fix looks good and makes sense.

In recent WP-CLI media tests I noticed a "Cannot use bool as array" error in wp_read_image_metadata in PHP 8.5.

Can we add a similar test to core that fails before your patch?

[welcher]

This was discussed in the bug scrub today. This can be committed.

[adamsilverstein]

In recent WP-CLI media tests I noticed a "Cannot use bool as array" error in wp_read_image_metadata in PHP 8.5.

@swissspidy which test failed?

[johnbillion]

In 61291:

Media: Account for boolean false being returned by wp_getimagesize() when dealing with potentially invalid images in wp_read_image_metadata().

Prior to PHP 8.5 a boolean value was silently ignored when being passed to list(), but in PHP 8.5 and higher this now triggers a PHP warning. This change adds an appropriate guard condition.

Props swissspidy, adamsilverstein

Fixes #64295

[johnbillion]

Reopening to request backport of [61291] to the 6.9 branch.

[swissspidy]

@adamsilverstein You can see them here: ​https://github.com/wp-cli/media-command/actions/runs/19621010923/job/56181370548#step:10:158 - they're all about importing SVGs or PDFs, where no size information seems to be available.