|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81549 Memory leak : php memory_limit option seems to be not respected
Submitted: 2021-10-21 15:44 UTC Modified: 2021-10-21 19:24 UTC
From: massedil-php-bugs at msd dot im Assigned:
Status: Suspended Package: *General Issues
PHP Version: 7.3.31 OS: Debian GNU/Linux 10 (buster)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: massedil-php-bugs at msd dot im
New email:
PHP Version: OS:


 [2021-10-21 15:44 UTC] massedil-php-bugs at msd dot im

I think it is a security issue because it is possible to bypass the php memory_limit parameter, fill a the server memory and swap memory and then crash a server.

How to reproduce

1. Download the unique php file "lib_phpQuery.php" from

2. Execute the test script

Note that there is no "3rd-party C libraries".

More details

I use php 7.3 on this server.

We discovered this bug with Alkarex (

Last open bug is here :

PHP 7.3 seems affected

I can reproduce this bug on Debian GNU/Linux 10 (buster)
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )

PHP 7.4 seems NOT affected

I can't reproduce it on Ubuntu 20.04.3 LTS
PHP 7.4.3 (cli) (built: Aug 13 2021 05:39:12) ( NTS )

I well have a "PHP Fatal error:  Allowed memory size exhausted".

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 4096 bytes) in lib_phpQuery.php on line 1229

Test script:

$html = '<html><article>Hello</article></html>';

function test($html) {

for ($i = 100000; $i > 0; $i--) {

echo memory_get_peak_usage(true), "\n";

Expected result:
I expect a "PHP Fatal error:  Allowed memory size exhausted".

Actual result:
The script fill the memory of the server and ignore the memory_limit parameter.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-10-21 19:24 UTC]
-Status: Open +Status: Suspended -Type: Security +Type: Bug
 [2021-10-21 19:24 UTC]
Looking at the file you referred, I see quite a lot of references to XML/DOM functions. These, of course, are using "3rd-party C libraries" - namely libxml2. PHP can not fully control memory usage for such libraries. If there's any specific memory leak that is identifiable by a simple code example (5700+ line script is not simple) and attributable to PHP, it may deserve a look but then we need such an example. Given that it doesn't happen in 7.4+ my recommendation would be to upgrade - there probably has been some improvements in libxml2 interfacing since then.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Oct 06 08:05:52 2022 UTC