TL;DR
Current included Imagick can't decode many larger heic due to bug, package update fixes bug.
Description
HEIC images fail to generate previews in the stock Nextcloud Docker image due to an Imagick memory/security limit at exactly 512 MiB. Increasing ImageMagick policy limits and Nextcloud preview limits does not resolve the issue. Upgrading the ImageMagick/libheif stack inside the container immediately fixes the problem.
Steps to reproduce
- Deploy official Nextcloud Docker image
- Upload HEIC image (modern phone photo, high resolution)
- Trigger preview generation (web UI or background jobs)
Actual behavior
Preview generation fails with:
ImagickException:` Memory allocation error:
Security limit exceeded: Allocating 599270415 bytes exceeds the security limit of 536870912 bytes
@ error/heic.c/IsHEIFSuccess/141
Expected behavior
- ImageMagick should respect configured policy.xml limits
- HEIC previews should succeed when sufficient memory limits are configured
What was tested
1. Nextcloud config
php 'preview_max_memory' => 1024,
→ No effect
2. ImageMagick policy override
/etc/ImageMagick-7/policy.xml modified:
<policy domain="resource" name="memory" value="1GiB"/>
<policy domain="resource" name="map" value="2GiB"/>
<policy domain="resource" name="disk" value="8GiB"/>
<policy domain="system" name="max-memory-request" value="1GiB"/>
→ Confirmed present inside running container
→ No effect (error still at exactly 536870912 bytes)
3. Direct PHP test (outside Nextcloud)
php -r 'try{
$im=new Imagick();
$im->readImage("/path/to/file.heic");
echo "OK\n";
}catch(Throwable $e){
echo $e->getMessage(),"\n";
}'
Result: Same 536870912-byte security limit error
→ Confirms issue is not Nextcloud-specific
4. Temporary upgrade inside container
Added newer packages (Debian sid):
apt-get update
apt-get install -y -t sid libheif1 libmagickcore-7.q16-10 libmagickwand-7.q16-10
Then reran same PHP test:
OK
→ Same HEIC file loads successfully
Conclusion
- The failure is tied to the ImageMagick/libheif version shipped in the container
- The HEIC decode path appears to ignore or be constrained by a fixed 512 MiB limit in that build
- Policy changes (
max-memory-request, etc.) do not affect this behavior
- Upgrading the stack resolves the issue immediately
Environment
Nextcloud Docker image (official)
PHP imagick 3.8.1
ImageMagick 7.1.1-43 (container default)
libheif 1.19.8
Debian-based container
After manual upgrade:
- HEIC decoding works (with minor ABI warning)
Request
- Update ImageMagick/libheif packages in the base image
Notes
This is reproducible via direct PHP Imagick usage (not specific to Nextcloud)
The error is deterministic and always occurs at 512 MiB allocation threshold
Behavior changes immediately with newer ImageMagick/libheif
TL;DR
Current included Imagick can't decode many larger heic due to bug, package update fixes bug.
Description
HEIC images fail to generate previews in the stock Nextcloud Docker image due to an Imagick memory/security limit at exactly 512 MiB. Increasing ImageMagick policy limits and Nextcloud preview limits does not resolve the issue. Upgrading the ImageMagick/libheif stack inside the container immediately fixes the problem.
Steps to reproduce
Actual behavior
Preview generation fails with:
Expected behavior
What was tested
1. Nextcloud config
php 'preview_max_memory' => 1024,→ No effect
2. ImageMagick policy override
/etc/ImageMagick-7/policy.xmlmodified:→ Confirmed present inside running container
→ No effect (error still at exactly 536870912 bytes)
3. Direct PHP test (outside Nextcloud)
Result: Same 536870912-byte security limit error
→ Confirms issue is not Nextcloud-specific
4. Temporary upgrade inside container
Added newer packages (Debian sid):
Then reran same PHP test:
OK
→ Same HEIC file loads successfully
Conclusion
max-memory-request, etc.) do not affect this behaviorEnvironment
Nextcloud Docker image (official)
PHP imagick 3.8.1
ImageMagick 7.1.1-43 (container default)
libheif 1.19.8
Debian-based container
After manual upgrade:
Request
Notes
This is reproducible via direct PHP Imagick usage (not specific to Nextcloud)
The error is deterministic and always occurs at 512 MiB allocation threshold
Behavior changes immediately with newer ImageMagick/libheif