CrowCpp · gittiver · Apr 2, 2026 · Apr 2, 2026
diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
@@ -26,4 +26,6 @@ endif ()
 
 define_fuzzer(template_fuzzer)
 define_fuzzer(request_fuzzer)
-define_fuzzer(b64_fuzzer)
+define_fuzzer(b64_fuzzer)
+define_fuzzer(json_fuzzer)
+define_fuzzer(http_fuzzer)
diff --git a/tests/fuzz/http_fuzzer.cpp b/tests/fuzz/http_fuzzer.cpp
@@ -0,0 +1,42 @@
+#include <cstdint>
+#include <fuzzer/FuzzedDataProvider.h>
+#include "crow.h"
+
+struct DummyHandler {
+    void handle_url() {}
+    void handle_header() {}
+    void handle() {}
+    size_t stream_threshold() { return 1024*1024; }
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    static crow::SimpleApp app;
+    static bool initialized = false;
+    if (!initialized) {
+        CROW_ROUTE(app, "/test/<string>/<int>")
+          ([](const crow::request& req, std::string a, int b)
+           {
+             return "OK";
+           });
+        CROW_ROUTE(app, "/json")
+          ([](const crow::request& req)
+           {
+             auto j = crow::json::load(req.body);
+             if (j) return "JSON";
+             return "NOT JSON";
+           });
+        crow::logger::setLogLevel(crow::LogLevel::CRITICAL);
+        initialized = true;
+    }
+
+    DummyHandler dummy;
+    crow::HTTPParser<DummyHandler> parser(&dummy);
+
+    if (parser.feed(reinterpret_cast<const char*>(data), size)) {
+        parser.done();
+        crow::response res;
+        app.handle_full(parser.req, res);
+    }
+
+    return 0;
+}
diff --git a/tests/fuzz/json_fuzzer.cpp b/tests/fuzz/json_fuzzer.cpp
@@ -0,0 +1,35 @@
+#include <cstdint>
+#include <string>
+#include "crow/json.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (size == 0) {
+        return 0;
+    }
+
+    std::string input(reinterpret_cast<const char*>(data), size);
+    try {
+        crow::json::rvalue json_val = crow::json::load(input);
+        if (json_val) {
+            // If parsing succeeded, try to access some properties to trigger more code
+            auto t = json_val.t();
+            if (t == crow::json::type::Object) {
+                for (const auto& key : json_val.keys()) {
+                    auto& val = json_val[key];
+                    (void)val.t();
+                }
+            } else if (t == crow::json::type::List) {
+                for (const auto& val : json_val) {
+                    (void)val.t();
+                }
+            }
+
+            // Also try to dump it back to string
+            // (void)crow::json::dump(json_val); // Need to check if dump exists
+        }
+    } catch (...) {
+        // Ignore exceptions from invalid JSON
+    }
+
+    return 0;
+}