Parser · C++
How to fuzz yaml-cpp
yaml-cpp's recursive emitter and parser share fragile depth assumptions.
yaml-cpp is the dominant YAML library in the C++ ecosystem, used in ROS, game engines, and configuration frameworks. Its scanner, parser, and emitter all recurse through the document tree without explicit depth limits, making deeply nested inputs a reliable source of stack overflows and heap allocation failures.
Common bug classes
- Stack overflow via deeply recursive YAML document nodes
- Heap buffer overflow in scalar emitter quote detection
- Use-after-free in node assignment operator on self-reference
- Integer overflow in sequence index arithmetic
- Null dereference on missing map value after colon
Recommended setup
Fuzzers
- AFL++
- libFuzzer
Sanitizers
- ASan
- UBSan
Harness scaffold
```cpp
#include <stdint.h>
#include <stddef.h>
#include <string>
#include <yaml-cpp/yaml.h>

// libFuzzer entry point: every mutated input goes through yaml-cpp's full
// scanner/parser path via YAML::Load. Malformed YAML surfaces as a thrown
// YAML::Exception and is expected, so it is swallowed; only sanitizer
// reports (ASan/UBSan) and real crashes should stop the run.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  try {
    std::string input(reinterpret_cast<const char *>(data), size);
    YAML::Load(input);
  } catch (...) {
    // Expected parse failure on invalid input; keep fuzzing.
  }
  return 0;
}
```
Save this as fuzz_target.cc, build with your compiler + sanitizer flags, and you have a working starting point.
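As an added example (not the page's own code, and independent of yaml-cpp so it builds with any C++17 compiler), here is a small seed-corpus generator that writes the input shapes the harness above is meant to exercise: each nesting form yaml-cpp recurses through (block and flow, sequence and map) at several depths, plus scalars that stress the emitter's quote detection. The depths, file names and the `corpus` directory are arbitrary choices made here.

```cpp
// Seed-corpus generator for a yaml-cpp fuzzing harness (added example, not
// part of the original page or the yaml-cpp project). Depths, file names and
// the output directory are arbitrary choices.
#include <filesystem>
#include <fstream>
#include <string>
#include <vector>

// Build one document nested `depth` levels deep. Block sequences nest on a
// single line ("- - - x"); block maps need two spaces of indent per level,
// so their size grows quadratically with depth.
std::string nested_yaml(int depth, bool flow, bool map) {
    std::string out;
    if (flow) {
        for (int i = 0; i < depth; ++i) out += map ? "{a: " : "[";
        out += "x";
        for (int i = 0; i < depth; ++i) out += map ? "}" : "]";
        return out + "\n";
    }
    if (!map) {
        for (int i = 0; i < depth; ++i) out += "- ";
        return out + "x\n";
    }
    for (int i = 0; i < depth; ++i)
        out += std::string(2 * i, ' ') + "a:" + (i + 1 == depth ? " x\n" : "\n");
    return out;
}

// Scalars a quote-detection routine must handle: YAML reserved words,
// indicator characters, numeric look-alikes, and leading/trailing whitespace.
std::vector<std::string> tricky_scalars() {
    return {"null", "true", "~", "- x", "a: b", "#c", " lead", "trail ",
            "0x1f", "1e3", "", "\t", "key: [", "'q'", "\"dq\""};
}

// Write all seeds into `dir`; returns the number of files written.
// The deepest block map (depth 1024) is roughly 1 MB, the others are small.
int write_corpus(const std::string &dir) {
    std::filesystem::create_directories(dir);
    int n = 0;
    for (int depth : {8, 64, 256, 1024})
        for (bool flow : {false, true})
            for (bool map : {false, true})
                std::ofstream(dir + "/nest_" + std::to_string(n++))
                    << nested_yaml(depth, flow, map);
    for (const auto &s : tricky_scalars())
        std::ofstream(dir + "/scalar_" + std::to_string(n++)) << "k: " << s << "\n";
    return n;
}

int main() { return write_corpus("corpus") > 0 ? 0 : 1; }
```

Point the fuzzer at the resulting directory (for example `./fuzz_target corpus/` with libFuzzer) so the first iterations already start from structure-exhausting inputs rather than from random bytes.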