Handle extreme time_now value in BackoffEntrySerializer.

Although it seems unlikely that the clock would ever return a positive
or negative infinity value in real life, we need to help the fuzzer get
over this bump.

Under the hood, TimeBase::operator- was being invoked when we computed
|backoff_duration = absolute_release_time - time_now|, and this
operation was overflowing the int64_t. This CL converts the values to
TimeDelta before subtracting. As a result, the subtraction now uses
TimeDelta::operator-, ensuring the integer overflow does not occur via
saturating math.

Bug: 1083616
Change-Id: I24481920a4dfc4b2f8bd57b106190879656ddc28
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2320416Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Commit-Queue: Dan McArdle <dmcardle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#792030}

net/base/backoff_entry_serializer.cc

@@ -81,7 +81,15 @@ std::unique_ptr<BackoffEntry> BackoffEntrySerializer::DeserializeFromValue(
       base::TimeDelta::FromSecondsD(original_backoff_duration_double);
   base::Time absolute_release_time =
       base::Time::FromInternalValue(absolute_release_time_us);
-  base::TimeDelta backoff_duration = absolute_release_time - time_now;
+  // Before computing |backoff_duration|, throw out +/- infinity values for
+  // either operand. This way, we can use base::TimeDelta's saturated math.
+  if (absolute_release_time.is_min() || absolute_release_time.is_max() ||
+      time_now.is_min() || time_now.is_max()) {
+    return nullptr;
+  }
+  base::TimeDelta backoff_duration =
+      absolute_release_time.ToDeltaSinceWindowsEpoch() -
+      time_now.ToDeltaSinceWindowsEpoch();
   // In cases where the system wall clock is rewound, use the redundant
   // original_backoff_duration to ensure the backoff duration isn't longer
   // than it was before serializing (note that it's not possible to protect