diff options
author | Max Moroz <dor3s1@gmail.com> | 2017-02-08 18:17:50 +0100 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2017-02-08 09:17:50 -0800 |
commit | 4a0d196a012f2e78782b558957e614ca972bb239 (patch) | |
tree | 8651718b2a46cc2a2f499bc3c177fa56ab4b68df /docs/faq.md | |
parent | e8943c65df279fa72b207032c97f0ac94bb37f09 (diff) |
[docs] Add FAQ on bugs in dependencies. (#365)
* [docs] Add FAQ on bugs in dependencies.
* Update faq.md
Diffstat (limited to 'docs/faq.md')
-rw-r--r-- | docs/faq.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/faq.md b/docs/faq.md index 4fef8ff3..c165e85b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -63,3 +63,15 @@ expected that your project will have many fuzz targets to test different compone instead of a single fuzz target trying to cover everything. Think of fuzz target as a unit test, though it is much more powerful since it helps to test millions of data permutations rather than just one. + +## What if my fuzz target finds a bug in another project (dependency) ? + +Every bug report has a crash stack-trace that shows where the crash happened. +Using that, you can debug the root cause and see which category the bug falls in: + +- If this is a bug is due to an incorrect usage of the dependent project's API +in your project, then you need to fix your usage to call the API correctly. +- If this is a real bug in the dependent project, then you should CC the maintainers +of that project on the bug. Once cced, they will get automatic access to all the +information necessary to reproduce the issue. If this project is maintained in OSS-Fuzz, +you can search for contacts in the respective project.yaml file. |