Integer-overflow in base::Time::FromExploded
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4587785343729664
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  TwoColumnDateListingToTime
Minimized Testcase (0.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96wMNO9u-udWZj0Dg64zoGpwaQ15xFY2M3VJJ4NQ7r4R1qmKhDEtGELB2UfrnJTk7IbvL3hN-_QwQ6Y9M6IDgeuPZuAGWRGcIhrqGbbNZFs95Pal3Vl1RUHzlQQ1LXIDfu2KKAMjFHF6pe0Xz_EFB6J7wjZuA
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 7 2016
This particular overflow happens when constructing a base::Time() given milliseconds, as the underlying representation is in microseconds:
    // base::Time stores microseconds since the Windows epoch, so a large
    // millisecond count overflows int64 in the multiplication below.
    return Time((milliseconds * kMicrosecondsPerMillisecond) +
                kWindowsEpochDeltaMicroseconds);
Rather than add defenses in the caller (ftp in this case) to avoid passing values that are too large to trigger this, I think it is probably better to have overflow safe code in base::Time (as it does take care in other places not to overflow).
I am thinking either adding the possibility of failure to FromExploded(), or choosing some non-crashing default like saturating to the maximum time value. Or even both: return failure, but also return maximum time, avoiding the need to update the existing callers.
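The overflow-safe variant proposed above, as an added example that is not Chromium's code: an exploded date is converted to milliseconds and then to microseconds since the Windows epoch with every multiply and add checked, returning failure and a saturated value instead of tripping signed-integer overflow. The constant names mirror base::Time, but the values (microsecond resolution, a 1601-to-1970 delta of 11644473600 seconds) and the `Exploded` struct, `DaysFromCivil` and `TimeFromExplodedChecked` names are this example's assumptions; the large year comes from the minimized testcase quoted later in the thread.

```cpp
// Added example (not Chromium code): overflow-checked exploded-date -> Time
// conversion that fails and saturates instead of overflowing int64.
#include <cstdint>
#include <cstdio>
#include <limits>

constexpr int64_t kInt64Max = std::numeric_limits<int64_t>::max();
constexpr int64_t kInt64Min = std::numeric_limits<int64_t>::min();

// Assumed representation, mirroring base::Time: microseconds since 1601-01-01.
constexpr int64_t kMicrosecondsPerMillisecond = 1000;
constexpr int64_t kMillisecondsPerDay = 86400000;
constexpr int64_t kWindowsEpochDeltaMicroseconds = INT64_C(11644473600) * 1000000;
// Years beyond this bound are rejected up front so DaysFromCivil itself
// can never overflow (assumed limit for this example).
constexpr int64_t kMaxAbsYear = INT64_C(1000000000000);

// Portable checked arithmetic (no compiler builtins); false on overflow.
bool CheckedAdd(int64_t a, int64_t b, int64_t* out) {
  if ((b > 0 && a > kInt64Max - b) || (b < 0 && a < kInt64Min - b)) return false;
  *out = a + b;
  return true;
}

bool CheckedMul(int64_t a, int64_t b, int64_t* out) {
  if (a == 0 || b == 0) { *out = 0; return true; }
  bool overflow;
  if (a > 0 && b > 0)      overflow = a > kInt64Max / b;
  else if (a > 0)          overflow = b < kInt64Min / a;
  else if (b > 0)          overflow = a < kInt64Min / b;
  else                     overflow = b < kInt64Max / a;  // both negative
  if (overflow) return false;
  *out = a * b;
  return true;
}

// Days since 1970-01-01 for a proleptic Gregorian date (Hinnant's algorithm).
int64_t DaysFromCivil(int64_t year, int month, int day) {
  year -= month <= 2;
  const int64_t era = (year >= 0 ? year : year - 399) / 400;
  const int64_t yoe = year - era * 400;                                        // [0, 399]
  const int64_t doy = (153 * (month + (month > 2 ? -3 : 9)) + 2) / 5 + day - 1; // [0, 365]
  const int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;                   // [0, 146096]
  return era * 146097 + doe - 719468;
}

struct Exploded { int64_t year; int month, day, hour, minute, second; };

// The failing path, exploded -> milliseconds -> Time, with every step checked.
// Returns false on overflow and leaves *out_us saturated to the int64 extreme
// in the direction of the overflow, so callers that ignore the bool still get
// a defined sentinel rather than undefined behaviour.
bool TimeFromExplodedChecked(const Exploded& e, int64_t* out_us) {
  const int64_t saturated = (e.year < 1970) ? kInt64Min : kInt64Max;
  const int64_t time_of_day_ms =
      (static_cast<int64_t>(e.hour) * 3600 + e.minute * 60 + e.second) * 1000;
  int64_t ms = 0, us = 0;
  if (e.year > kMaxAbsYear || e.year < -kMaxAbsYear ||
      !CheckedMul(DaysFromCivil(e.year, e.month, e.day), kMillisecondsPerDay, &ms) ||
      !CheckedAdd(ms, time_of_day_ms, &ms) ||
      !CheckedMul(ms, kMicrosecondsPerMillisecond, &us) ||  // the multiply that overflowed
      !CheckedAdd(us, kWindowsEpochDeltaMicroseconds, out_us)) {
    *out_us = saturated;
    return false;
  }
  return true;
}

int main() {
  int64_t us = 0;
  // Constructed inputs: an ordinary date, and the year from the fuzzer's
  // minimized testcase "1-1-9918030 05:30".
  const Exploded normal{2016, 4, 7, 0, 0, 0};
  const Exploded huge{9918030, 1, 1, 5, 30, 0};
  std::printf("2016-04-07: ok=%d us=%lld\n",
              TimeFromExplodedChecked(normal, &us), static_cast<long long>(us));
  std::printf("9918030-01-01: ok=%d us=%lld (saturated)\n",
              TimeFromExplodedChecked(huge, &us), static_cast<long long>(us));
  return 0;
}
```

The year from the FTP listing is small enough that the day and millisecond arithmetic succeeds; it is the final scale to microseconds that fails, exactly the line quoted in the comment, and the checked version reports that instead of executing it.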
Apr 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4569208704204800
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  net::FtpUtil::WindowsDateListingToTime
Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94CuBvdWS_6YJ6_Q_D4XcAeTOGnY2gaIOo54yFf-jix7LTKEchNHHUHb6xgAFiIaEMj5ex2ckRAklSE8aEmo7n4VE6yHZDrT9BzS_D75xG7foEROKSTW15mQq5WHiIAiVPgBfHLQYIn4lC3-ogC_LiLCibteg
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 8 2016
Apr 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5154272483737600
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  VmsDateListingToTime
Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9502C6DGUfp-zUcV4DYZHxVp-KIg8w0fmv9jjRnMvG-mVN_bAZ1v7eXIvPh7fSG14fEQ-vQLdTHSV5hEnPdx72lQJViZMNt-gvBQq0z2SNTPQt-1OomG2eaEbcuK9MEEABOLUBHl-b8qGoPnxpvQ7Z8bYqI9Q
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4587785343729664
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  TwoColumnDateListingToTime
Minimized Testcase (0.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95ATOs2c_5yxKtBOAaJmiZYowsnmn2ujwMPoH8d7Wi00bBxJg54ZYiD85tUWva5tOmHXj8ONS24ZOvJfVS_DtF88Bi5ynjtyw3s3y_Vsh20qZLIa5TQ07U6XTOSmY-UAvTKa0mHZNhvEnvhZZqR45BxCXU-_Q?testcase_id=4587785343729664
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4569208704204800
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  net::FtpUtil::WindowsDateListingToTime
Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv953dfoayi9Nc48aJg5pihjbpeVznE9pz-6QAUsOEDqkt1--vTM7Ylne3USAbmBmcCyTIf9x716LMdYn4DzNazf1E49yKbxBBHg95ZD_qQKrduy1DHD2eTIqWdMshYkna7LkV8O-38Ok5_aRK0BIvtjCElz66w?testcase_id=4569208704204800
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5154272483737600
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  VmsDateListingToTime
Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95-PHaQtrLRroFZdj2zfDLy3Vk1PuamhwnlVFADnpdqX54g04MiQ4Cp4_SXjX4GNmkoNJd8nYscV9JlX7SLwTWxAcDDZ3cKJe6xn8YAvP8sahvJi_vqJuWbAKcqyCjdvi0N0nmFeGFQd0m4JzywSWDeDXsaBQ?testcase_id=5154272483737600
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 12 2016
Aug 21 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 24 2016
Re-Opening this as Clusterfuzz has detected the failure again.
Aug 24 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5210023259275264
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  FromLocalExploded
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=399707:399796
Minimized Testcase (0.02 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96VJQkS8d4XSdvreg4QMK5bmjfGyC5vkVTJpbnMnVeVSKcwkyP9lSNvb9S313ZsBdeSY5NTLAodysZucJ_WNOMYxLlxaQ7biBoOaFkFq0KRI_C9jgU243uUoKjp4e6cAYTKBIpXZ8zs-AwZEtsncHzElt3hSQ?testcase_id=5210023259275264
1-1-9918030 05:30 0
Issue manually filed by: durga.behera
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 6 2016
ClusterFuzz has detected this issue as fixed in range 423338:423416.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5210023259275264
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  FromLocalExploded
  FromLocalExploded
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=399707:399796
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416
Minimized Testcase (0.02 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96VJQkS8d4XSdvreg4QMK5bmjfGyC5vkVTJpbnMnVeVSKcwkyP9lSNvb9S313ZsBdeSY5NTLAodysZucJ_WNOMYxLlxaQ7biBoOaFkFq0KRI_C9jgU243uUoKjp4e6cAYTKBIpXZ8zs-AwZEtsncHzElt3hSQ?testcase_id=5210023259275264
1-1-9918030 05:30 0
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 2 2017
Bulk-WontFixing these bugs. This was a bug on ClusterFuzz side, see bug 717534. We will start seeing new testcases auto-filed in a day or two. We can't leave these open as ClusterFuzz won't autoverify them after ClusterFuzz-Wrong label.
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by mmoroz@chromium.org, Apr 7 2016
Labels: -Stability-Crash Stability-UndefinedBehaviorSanitizer
Owner: eroman@chromium.org