Doc Bug #70952 GD massive memory consumption
Submitted: 2015-11-21 20:42 UTC Modified: 2018-01-12 16:44 UTC
From: s dot brunner at stephan-brunner dot net Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.5.30 OS: Ubuntu 14.04.3 LTS
Private report: No CVE-ID: None
 [2015-11-21 20:42 UTC] s dot brunner at stephan-brunner dot net

GD-version: 5.5.9+dfsg-1ubuntu4.14 (official repo)

We, Stephan Brunner and Tobias Sachs, discovered that the GD library bypasses any memory_limit setting, no matter whether it is forced as a php_admin_value in the fpm pool config or set in the php.ini. Letting gd import an image (131072 by 131072 pixels compressed to 5 MB), download: will bypass any memory limit set.

The memory limit is set to 32MB as a php_admin_value in the pool config of fpm as shown below:
php_admin_value[memory_limit] = 32M

The php.ini file of the fpm remains untouched, the memory_limit value of the cli is set to 128M.

Exploitation of this bug renders the machine unusable because the machine starts to swap immediately and uses about 100% of the available cpu and memory resources as shown here:

Yours sincerely
Stephan Brunner (GPG-Key:
Tobias Sachs (GPG-Key:

Test script:

// Also available for download at

// Download link here:
$picturepath = "picture.png";


Expected result:
The GD library should respect the memory_limit.

Actual result:
The GD library uses all available resources and renders the machine unusable.


 [2015-11-26 15:56 UTC]
-Status: Open +Status: Not a bug
 [2015-11-26 15:56 UTC]
The memory_limit relates only to memory allocated by PHP itself, not external libraries. The purpose is to mitigate effects from accidents like recursion or unterminated loops. For stricter resource controls please use the operating system's facilities.
 [2015-11-28 15:32 UTC]
-Type: Security +Type: Documentation Problem
 [2015-11-28 15:32 UTC]
Moving to doc.

If you use the bundled GD library, the PHP memory management is used. For the system's GD, the system memory management is used (aka malloc vs. emalloc).
 [2018-01-12 16:42 UTC]
-Status: Not a bug +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-02-07 06:06 UTC]
Automatic comment on behalf of cmb
Log: Fix #70952: GD massive memory consumption
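
An added example, not part of the report or of the PHP project's code: because memory_limit does not cover allocations made by a system GD library, an application can read only the image header and reject oversized dimensions before any GD loader is called. The 4-bytes-per-pixel estimate, the limits and all function names below are assumptions chosen for illustration.

```php
<?php
// Added example: refuse to hand an image to GD when its header declares a
// decoded size above a budget. Limits and the per-pixel cost are assumptions.

const BYTES_PER_PIXEL   = 4;                 // assumed cost of one truecolor pixel
const MAX_DECODED_BYTES = 24 * 1024 * 1024;  // hypothetical budget under a 32M limit
const MAX_SIDE          = 8192;              // hypothetical per-side cap

function check_dimensions($width, $height)
{
    if ($width < 1 || $height < 1 || $width > MAX_SIDE || $height > MAX_SIDE) {
        return array('ok' => false, 'reason' => "dimensions {$width}x{$height} out of range");
    }
    $bytes = $width * $height * BYTES_PER_PIXEL;
    if ($bytes > MAX_DECODED_BYTES) {
        return array('ok' => false, 'reason' => "decoded size ~{$bytes} bytes over budget");
    }
    return array('ok' => true, 'bytes' => $bytes);
}

// getimagesizefromstring() parses only the header; no pixel data is decoded.
function check_image_data($data)
{
    $info = @getimagesizefromstring($data);
    if ($info === false) {
        return array('ok' => false, 'reason' => 'not a recognised image');
    }
    return check_dimensions($info[0], $info[1]);
}

// Constructed sample: PNG signature plus an IHDR chunk header declaring a
// given size (including the 131072 x 131072 from the report). No image data follows.
function png_header($width, $height)
{
    return "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
         . pack('NNCCCCC', $width, $height, 8, 6, 0, 0, 0);
}

foreach (array(array(131072, 131072), array(1920, 1080), array(4000, 3000)) as $dim) {
    $result = check_image_data(png_header($dim[0], $dim[1]));
    printf("%dx%d: %s\n", $dim[0], $dim[1],
        $result['ok'] ? "accept ({$result['bytes']} bytes)" : "reject ({$result['reason']})");
}
```

For files on disk, getimagesize($path) gives the same header-only result and can be run on the upload before imagecreatefrompng(). The check complements, rather than replaces, the operating-system resource limits recommended in the comments.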
Last updated: Fri Jul 23 20:01:23 2021 UTC