dcsctp: Avoid integer overflow in HEARTBEAT-ACK v2 This is a follow-up to change 232904 that also validates that the timestamp from the heartbeat ack isn't negative (which the fuzzer managed to set it to). Bug: chromium:1252515 Change-Id: Idaac570589dbdaaee67b7785f6232b60226e88e1 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/234582 Reviewed-by: Florent Castelli <orphis@webrtc.org> Commit-Queue: Victor Boivie <boivie@webrtc.org> Cr-Commit-Position: refs/heads/main@{#35168}

commit: 3179fb29318d99c101f1abd016e8d90461d366cb [log] [tgz]
author: Victor Boivie <boivie@webrtc.org> Fri Oct 08 09:53:32 2021
committer: WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Oct 08 11:06:11 2021
tree: 7f3d12bfbebf94fe07e185cb696969b74c1e5d5d
parent: 2bcdb5d63a764cc4980817c91d1c8d8f4aeeff0f [diff]
diff --git a/net/dcsctp/socket/heartbeat_handler.cc b/net/dcsctp/socket/heartbeat_handler.cc
index 8f41b9d..9588b85 100644
--- a/net/dcsctp/socket/heartbeat_handler.cc
+++ b/net/dcsctp/socket/heartbeat_handler.cc

@@ -154,7 +154,7 @@
   }
 
   TimeMs now = ctx_->callbacks().TimeMillis();
-  if (info->created_at() <= now) {
+  if (info->created_at() > TimeMs(0) && info->created_at() <= now) {
     ctx_->ObserveRTT(now - info->created_at());
   }
commit	3179fb29318d99c101f1abd016e8d90461d366cb	[log] [tgz]
author	Victor Boivie <boivie@webrtc.org>	Fri Oct 08 09:53:32 2021
committer	WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri Oct 08 11:06:11 2021
tree	7f3d12bfbebf94fe07e185cb696969b74c1e5d5d
parent	2bcdb5d63a764cc4980817c91d1c8d8f4aeeff0f [diff]