Prevent integer overflow when (de)serializing BackoffEntry

net/base/backoff_entry_unittest.cc

Index: net/base/backoff_entry_unittest.cc
diff --git a/net/base/backoff_entry_unittest.cc b/net/base/backoff_entry_unittest.cc
index bf0e1b92a9675a4ca544dca74fba7179a0d87171..66aeff89d5ecc86bc4610582622c463c8cf29b6d 100644
--- a/net/base/backoff_entry_unittest.cc
+++ b/net/base/backoff_entry_unittest.cc
@@ -327,7 +327,7 @@ TEST(BackoffEntryTest, OverflowProtection) {
   EXPECT_EQ(20000, custom.GetTimeUntilRelease().InMilliseconds());
 }
 
-TEST(BackoffEntryTest, SerializeTimeOffsets) {
+TEST(BackoffEntryTest, SerializationTimeOffsets) {
   TestBackoffEntry original(&base_policy);
   // 2 errors.
   original.InformOfRequest(false);
@@ -335,7 +335,7 @@ TEST(BackoffEntryTest, SerializeTimeOffsets) {
   scoped_ptr<base::ListValue> serialized = original.Serialize();
 
   {
-    // Test that immediate deserializeation round-trips.
+    // Test that immediate deserialization round-trips.
     TestBackoffEntry deserialized(&base_policy);
     EXPECT_TRUE(deserialized.Deserialize(*serialized));
     EXPECT_EQ(original.failure_count(), deserialized.failure_count());
@@ -405,7 +405,7 @@ TEST(BackoffEntryTest, SerializeTimeOffsets) {
   }
 }
 
-TEST(BackoffEntryTest, SerializeNoFailures) {
+TEST(BackoffEntryTest, SerializationNoFailures) {
   TestBackoffEntry original(&base_policy);
   scoped_ptr<base::ListValue> serialized = original.Serialize();
 
@@ -420,4 +420,131 @@ TEST(BackoffEntryTest, SerializeNoFailures) {
   EXPECT_EQ(original.GetReleaseTime(), deserialized.GetReleaseTime());
 }
 
+TEST(BackoffEntryTest, SerializationOverflowProtection) {
+  // Test that deserialization round-trips with extremely large positive and
+  // negative release times.
+  BackoffEntry::Policy no_maximum_policy = base_policy;
+  no_maximum_policy.maximum_backoff_ms = -1;
+
+  // Test that deserialization round-trips if ImplGetTimeNow and
+  // ImplGetWallClockTimeNow are zero throughout.
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64max - 1));
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(original.GetReleaseTime(), deserialized.GetReleaseTime());
+  }
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64min + 1));
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(original.GetReleaseTime(), deserialized.GetReleaseTime());
+  }
+
+
+  // These were the actual values when I wrote this test.
+  const TimeTicks realistic_time_ticks_now =
+      TimeTicks::FromInternalValue(304519400134);
+  const Time realistic_wall_clock_time_now =
+      Time::FromInternalValue(13071957275919685);
+
+  // Test overflow behavior, when ImplGetTimeNow and ImplGetWallClockTimeNow
+  // initially have realistic values but then decrease.
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64max - 1));
+    original.set_now(realistic_time_ticks_now);
+    original.set_wall_clock_now(realistic_wall_clock_time_now);
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(TimeTicks::FromInternalValue(kint64max),
+              deserialized.GetReleaseTime());
+  }
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64min + 1));
+    original.set_now(realistic_time_ticks_now);
+    original.set_wall_clock_now(realistic_wall_clock_time_now);
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(TimeTicks::FromInternalValue(kint64min)
+                  + (realistic_wall_clock_time_now - Time()),
+              deserialized.GetReleaseTime());
+  }
+
+  // Test overflow behavior, when ImplGetTimeNow and ImplGetWallClockTimeNow
+  // are initially zero, but then have realistic values.
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64max - 1));
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    deserialized.set_now(realistic_time_ticks_now);
+    deserialized.set_wall_clock_now(realistic_wall_clock_time_now);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(original.GetReleaseTime()
+                  - (realistic_wall_clock_time_now - Time())
+                  + (realistic_time_ticks_now - TimeTicks()),
+              deserialized.GetReleaseTime());
+  }
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64min + 1));
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    deserialized.set_now(realistic_time_ticks_now);
+    deserialized.set_wall_clock_now(realistic_wall_clock_time_now);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(TimeTicks::FromInternalValue(kint64min)
+                  + (realistic_time_ticks_now - TimeTicks()),
+              deserialized.GetReleaseTime());
+  }
+
+  // Test overflow behavior, when ImplGetTimeNow and ImplGetWallClockTimeNow
+  // have the same realistic values both before and after.
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64max - 1));
+    original.set_now(realistic_time_ticks_now);
+    original.set_wall_clock_now(realistic_wall_clock_time_now);
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    deserialized.set_now(realistic_time_ticks_now);
+    deserialized.set_wall_clock_now(realistic_wall_clock_time_now);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(TimeTicks::FromInternalValue(kint64max)
+                  - (realistic_wall_clock_time_now - Time())
+                  + (realistic_time_ticks_now - TimeTicks()),
+              deserialized.GetReleaseTime());
+  }
+  {
+    TestBackoffEntry original(&no_maximum_policy);
+    original.SetCustomReleaseTime(TimeTicks::FromInternalValue(kint64min + 1));
+    original.set_now(realistic_time_ticks_now);
+    original.set_wall_clock_now(realistic_wall_clock_time_now);
+    scoped_ptr<base::ListValue> serialized = original.Serialize();
+    TestBackoffEntry deserialized(&no_maximum_policy);
+    deserialized.set_now(realistic_time_ticks_now);
+    deserialized.set_wall_clock_now(realistic_wall_clock_time_now);
+    EXPECT_TRUE(deserialized.Deserialize(*serialized));
+    EXPECT_EQ(original.failure_count(), deserialized.failure_count());
+    EXPECT_EQ(TimeTicks::FromInternalValue(kint64min)
+              + (realistic_time_ticks_now - TimeTicks()),
+              deserialized.GetReleaseTime());
+  }
+}
+
 }  // namespace