rosin-project / ros2_fuzz

An automatic fuzzing tool for ROS 2 C++ projects
MIT License

Can not fuzz example minimal topic #3

Open zouyonghao opened 3 years ago

zouyonghao commented 3 years ago

I tried to fuzz the example minimal_topic with the following steps

  1. ros2_fuzzer

    root@465732971adb:/opt/ros_ws# ros2_fuzzer 
    ? What do you want to fuzz?  [['minimal_topic', {'headers_file': 'std_msgs/msg/string.hpp', 'source': 'src/publisher_subscriber_exa
      i     | minimal_topic: created fuzzer for the topic
      i     | └── src/publisher_subscriber_example/src/publisher_member_function_generated.cpp
      i     | Fuzzer(s) generated successfully
     [!]    | Please link the fuzzers to their CMakeLists.txt files,
     [!]    | recompile the projects with instrumentalization and start the fuzzers.
  2. modify CMakeLists.txt

    add_executable(generated_fuzzer src/publisher_member_function_generated.cpp)
    ament_target_dependencies(generated_fuzzer rclcpp tutorial_interfaces)

    install(TARGETS talker listener generated_fuzzer DESTINATION lib/${PROJECT_NAME})


  3. `colcon build`

    root@465732971adb:/opt/ros_ws# colcon build
    Starting >>> tutorial_interfaces
    Starting >>> publisher_subscriber_example
    Finished <<< tutorial_interfaces [0.39s]
    Starting >>> client_service_example
    Finished <<< client_service_example [0.14s]
    --- stderr: publisher_subscriber_example
    afl-cc 2.57b by lcamtuf@google.com
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp: In member function ‘void FuzzerPublisher::timer_callback()’:
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp:220:23: error: too few arguments to function ‘bool getString(std::string&, uint8_t)’
      220 |     if (!getString(_v0)) return;
          |                       ^
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp:160:6: note: declared here
      160 | bool getString(std::string& s, uint8_t size)
          |      ^~~~~
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp:221:5: error: ‘request’ was not declared in this scope
      221 |     request->data = _v0;
          |     ^~~
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp:224:7: error: ‘howMuch’ was not declared in this scope
      224 |   if (howMuch == 0) {
          |       ^~~
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp: In function ‘void __injector_init()’:
    /opt/ros_ws/src/publisher_subscriber_example/src/publisher_member_function_generated.cpp:295:19: warning: ISO C++ forbids converting a string constant to ‘char’ [-Wwrite-strings]
      295 |   char argv[] = {"./my_fuzz_target", NULL};
          |                  ^~~~~~
    make[2]: *** [CMakeFiles/generated_fuzzer.dir/build.make:63: CMakeFiles/generated_fuzzer.dir/src/publisher_member_function_generated.cpp.o] Error 1
    make[1]: *** [CMakeFiles/Makefile2:82: CMakeFiles/generated_fuzzer.dir/all] Error 2
    make: *** [Makefile:141: all] Error 2
    ---
    Failed   <<< publisher_subscriber_example [2.04s, exited with code 2]

    Summary: 2 packages finished [2.21s]
      1 package failed: publisher_subscriber_example
      1 package had stderr output: publisher_subscriber_example

JnxF commented 3 years ago

Thanks @zouyonghao for pointing out this problem.

I unfortunately don't have time right now, but it requires modifying this function [1] to account for the special case of strings, which requires an extra parameter controlling how long the generated string is. A pull request would be appreciated adding a fresh variable before with getInt8 (and modulo 100, for instance) in the special case of strings.

[1] https://github.com/rosin-project/ros2_fuzz/blob/a01394f530ada966a5f9f72fd3990a6964fb8bff/ros2_automatic_fuzzer/ros2_fuzzer/fuzzing_utils/fuzzing_descriptor.py#L70
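The string special case the maintainer describes, as an added illustration rather than code from ros2_fuzz or the generated fuzzer: a length byte is drawn with getInt8 and bounded (modulo 100) before getString is called with that size, which is what the generated `getString(_v0)` call at line 220 was missing. The in-memory input cursor, `loadInput` and `fillStringField` are assumptions standing in for the AFL-fed input of the real harness; the `request`/`howMuch` errors in the same build log are a separate problem not covered here.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed stand-in for the fuzzer's input stream (AFL supplies this in the
// real harness): a byte buffer and a read cursor.
static std::vector<uint8_t> g_input;
static size_t g_pos = 0;

// Load one test case into the cursor (assumed helper, not from the project).
void loadInput(const std::vector<uint8_t>& bytes) {
    g_input = bytes;
    g_pos = 0;
}

// Consume one byte; false once the input is exhausted.
bool getInt8(uint8_t& v) {
    if (g_pos >= g_input.size()) return false;
    v = g_input[g_pos++];
    return true;
}

// Consume exactly `size` bytes into s; false if the input is too short.
// The caller chooses the length, which is why the one-argument call
// getString(_v0) in the generated code could not compile.
bool getString(std::string& s, uint8_t size) {
    if (g_input.size() - g_pos < size) return false;
    s.assign(reinterpret_cast<const char*>(g_input.data() + g_pos), size);
    g_pos += size;
    return true;
}

// What the generator should emit for a string field: draw a fresh length with
// getInt8, bound it (modulo 100 as suggested in the thread), then fill the
// string. Returning false means "input ran out, skip this message", which is
// how the generated timer callback already treats a failed getter.
bool fillStringField(std::string& field) {
    uint8_t len = 0;
    if (!getInt8(len)) return false;
    len = static_cast<uint8_t>(len % 100);
    return getString(field, len);
}
```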