Breaking protobuf-java fuzzer project

For https://issues.oss-fuzz.com/issues/411993459

We are investigating a Fatal-signal in ProtobufFuzzer for protobuf-java, we found out that the current [protobuf-java project](https://github.com/google/oss-fuzz/blob/master/projects/protobuf-java/build.sh) is breaking but non-reproducible. It builds the Protobuf Java runtime from our github/main which has pom.xml files of submodules [removed](https://github.com/protocolbuffers/protobuf/commit/f5ffaf906365f861d9ef45c37264c2e29cef29f3) and in turn failed `mvn package`. The concern is that it's testing against github/main but not the released Protobuf Java artifacts, and the main branch is not guaranteed to build or work at any time.

We have sent out a PR (already merged) regarding this: https://github.com/google/oss-fuzz/pull/13635

With that being said, the original OSSFuzz [bug report](https://g-issues.oss-fuzz.com/issues/411993459?pli=1&authuser=0) does not seem to point to Protobuf Java but some low-level infrastructures. The "failing" test case is just empty and we couldn't reproduce the error with the fix (https://github.com/google/oss-fuzz/pull/13635).  

We are wondering if it is an internal OssFuzz infra error than Protobuf's. We would like to get some support to understand and remediate the bug, and consult about any actionable steps we should take.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Breaking protobuf-java fuzzer project #13734

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Breaking protobuf-java fuzzer project #13734

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions