Parser · C++
How to fuzz JsonCpp
A popular C++ JSON library — deeply nested arrays can exhaust the call stack.
JsonCpp is widely used in C++ server applications and game engines. Its recursive descent parser allocates DOM nodes on the heap without depth guards, so adversarially nested JSON structures can drive the recursion deep enough to exhaust the call stack and can fragment the heap with many small node allocations.
Common bug classes
- Stack overflow via deeply nested JSON arrays or objects
- Heap buffer overflow in string token unescaping
- Integer overflow in unicode surrogate pair decode
- Out-of-bounds read on truncated UTF-8 string value
- Null dereference on empty key in strict object parsing
Recommended setup
Fuzzers
- AFL++
- libFuzzer
Sanitizers
- ASan
- UBSan
Harness scaffold

```cpp
#include <stdint.h>
#include <stddef.h>
#include <memory>   // std::unique_ptr
#include <string>   // std::string
#include <json/json.h>

// libFuzzer entry point: each call parses one fuzzer-generated buffer.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  Json::CharReaderBuilder builder;
  builder["collectComments"] = false;
  std::unique_ptr<Json::CharReader> reader(builder.newCharReader());
  Json::Value root;
  std::string errs;
  // Parse the half-open range [data, data + size). The return value and the
  // error text are deliberately ignored: the sanitizers report the crashes.
  reader->parse(reinterpret_cast<const char *>(data),
                reinterpret_cast<const char *>(data) + size,
                &root, &errs);
  return 0;
}
```

Save this as fuzz_target.cc, build with your compiler and sanitizer flags, and you have a working starting point.
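The nesting problem described above can also be handled before the parser ever runs. The following is an added example, not JsonCpp's code and not part of the original harness: a standalone depth guard that scans the raw bytes, counts `[`/`{` nesting while skipping brackets inside string literals, and stops as soon as a caller-chosen limit is passed. A service can call it in front of `reader->parse`, and a harness can use it to confirm that the limit it enforces actually rejects the inputs it should. Recent JsonCpp releases also expose their own `stackLimit` setting on `Json::CharReaderBuilder`; the guard here is independent of that and works on any JSON parser. The limit value and the `nested_arrays` sample input are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Result of a nesting-depth scan.
struct DepthResult {
  int max_depth;   // deepest bracket nesting seen (limit + 1 when exceeded)
  bool exceeded;   // true if nesting went past the limit; the scan stops there
};

// Scan raw bytes and track '[' / '{' nesting, ignoring brackets inside string
// literals (backslash escapes are honoured so an escaped quote does not end
// the string). Returns early once the limit is passed.
DepthResult json_nesting_depth(const uint8_t *data, size_t size, int limit) {
  int depth = 0;
  int max_depth = 0;
  bool in_string = false;
  bool escape = false;
  for (size_t i = 0; i < size; ++i) {
    const uint8_t c = data[i];
    if (in_string) {
      if (escape) {
        escape = false;          // the byte after a backslash is literal
      } else if (c == '\\') {
        escape = true;
      } else if (c == '"') {
        in_string = false;
      }
      continue;
    }
    switch (c) {
      case '"':
        in_string = true;
        break;
      case '[':
      case '{':
        ++depth;
        if (depth > max_depth) max_depth = depth;
        if (depth > limit) return DepthResult{max_depth, true};
        break;
      case ']':
      case '}':
        if (depth > 0) --depth;  // unbalanced closers are left for the real parser to reject
        break;
      default:
        break;
    }
  }
  return DepthResult{max_depth, false};
}

// Convenience overload for std::string input.
DepthResult json_nesting_depth(const std::string &s, int limit) {
  return json_nesting_depth(reinterpret_cast<const uint8_t *>(s.data()),
                            s.size(), limit);
}

// Gate: true when the input may be handed to the recursive-descent parser.
bool safe_to_parse(const std::string &s, int limit) {
  return !json_nesting_depth(s, limit).exceeded;
}

// Constructed sample input: n nested empty arrays, "[[[...]]]".
std::string nested_arrays(int n) {
  return std::string(n, '[') + std::string(n, ']');
}

int main() {
  const int kLimit = 1000;  // hypothetical policy value; size it to your stack budget
  const std::string benign =
      "{\"items\": [1, [2, [3]]], \"note\": \"[[[[ not nesting ]]]]\"}";
  const std::string hostile = nested_arrays(5000);
  std::cout << "benign  depth=" << json_nesting_depth(benign, kLimit).max_depth
            << " safe=" << safe_to_parse(benign, kLimit) << '\n';
  std::cout << "hostile exceeded=" << json_nesting_depth(hostile, kLimit).exceeded
            << " safe=" << safe_to_parse(hostile, kLimit) << '\n';
  return 0;
}
```

Because the scan is linear and stops at the limit, it costs far less than the parse it protects; the benign sample reports depth 4 (the brackets inside the `"note"` string are not counted) while the 5000-deep array is rejected at depth 1001. The guard does not validate JSON, only nesting, so malformed input still has to be rejected by the parser itself.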