From 3179fb29318d99c101f1abd016e8d90461d366cb Mon Sep 17 00:00:00 2001
From: Victor Boivie <boivie@webrtc.org>
Date: Fri, 8 Oct 2021 11:53:32 +0200
Subject: [PATCH] dcsctp: Avoid integer overflow in HEARTBEAT-ACK v2

This is a follow-up to change 232904 that also validates that the
timestamp from the heartbeat ack isn't negative (which the fuzzer
managed to set it to).

Bug: chromium:1252515
Change-Id: Idaac570589dbdaaee67b7785f6232b60226e88e1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/234582
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35168}
---
 net/dcsctp/socket/heartbeat_handler.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/dcsctp/socket/heartbeat_handler.cc b/net/dcsctp/socket/heartbeat_handler.cc
index 8f41b9d925..9588b85b59 100644
--- a/net/dcsctp/socket/heartbeat_handler.cc
+++ b/net/dcsctp/socket/heartbeat_handler.cc
@@ -154,7 +154,7 @@ void HeartbeatHandler::HandleHeartbeatAck(HeartbeatAckChunk chunk) {
   }
 
   TimeMs now = ctx_->callbacks().TimeMillis();
-  if (info->created_at() <= now) {
+  if (info->created_at() > TimeMs(0) && info->created_at() <= now) {
     ctx_->ObserveRTT(now - info->created_at());
   }