[docs] Add FAQ on bugs in dependencies. (#365)

* [docs] Add FAQ on bugs in dependencies. * Update faq.md
2017-02-08 18:17:50 +01:00 · 2017-02-08 18:17:50 +01:00 · 4a0d196a01
parent e8943c65df
commit 4a0d196a01
1 changed files with 12 additions and 0 deletions
--- a/docs/faq.md
+++ b/docs/faq.md
@ -63,3 +63,15 @@ expected that your project will have many fuzz targets to test different compone
 instead of a single fuzz target trying to cover everything. Think of fuzz target
 as a unit test, though it is much more powerful since it helps to test millions
 of data permutations rather than just one.
+
+## What if my fuzz target finds a bug in another project (dependency) ?
+
+Every bug report has a crash stack-trace that shows where the crash happened.
+Using that, you can debug the root cause and see which category the bug falls in:
+
+- If this is a bug is due to an incorrect usage of the dependent project's API 
+in your project, then you need to fix your usage to call the API correctly.
+- If this is a real bug in the dependent project, then you should CC the maintainers
+of that project on the bug. Once cced, they will get automatic access to all the
+information necessary to reproduce the issue. If this project is maintained in OSS-Fuzz,
+you can search for contacts in the respective project.yaml file.