Chrome Version: 55.0.2883.91
OS: Found on Android, but other platforms are affected as well

What steps will reproduce the problem?
(1) Run the attached python script. It will start a local http server on port 9999.
(2) Open the URL "http://localhost:9999/"

What is the expected result?

Current date is displayed.

What happens instead?

"01/00/0000 00:00:00" is displayed.

The attached python script serves an HTML page which displays the value returned by "document.lastModified". The script also attaches a malformed "Last-Modified" HTTP header to the response.

Per HTML spec https://html.spec.whatwg.org/#dom-document-lastmodified , "If the last modification date and time are not known, the attribute must return the current date and time in the above format.". But the current behavior is that a bogus date "01/00/0000 00:00:00" is returned in release builds, and there is a renderer crash on DCHECK in debug builds in WTF::msToYear.

Absence of "Last-Modified" HTTP header yields the correct result: the current date is returned.

The problem is that in blink::Document::lastModified(), the header value is parsed into a double value (NaN when malformed) and then passed without validation to convertToLocalTime(): https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/dom/Document.cpp?dr=CSs&l=4670

The solution would probably be to validate the httpLastModified in Document::LastModified() (i.e. check that the resulting double value is not NaN) and return the current date, same as when httpLastModified is empty.

The problem is not reproduced in Firefox which returns the current date.
 

Deleted: invalid_last_modified.py 677 bytes

invalid_last_modified.py 677 bytes View Download