gracefully handle invalid ACK delay values when parsing ACK frames

internal/wire/ack_frame.go

@@ -3,6 +3,7 @@ package wire
 import (
 	"bytes"
 	"errors"
+	"math"
 	"sort"
 	"time"
 
@@ -37,7 +38,13 @@ func parseAckFrame(r *bytes.Reader, ackDelayExponent uint8, version protocol.Ver
 	if err != nil {
 		return nil, err
 	}
-	frame.DelayTime = time.Duration(delay*1<<ackDelayExponent) * time.Microsecond
+
+	delayTime := time.Duration(delay*1<<ackDelayExponent) * time.Microsecond
+	if delayTime < 0 {
+		// If the delay time overflows, set it to the maximum encodable value.
+		delayTime = time.Duration(math.MaxInt64)
+	}
+	frame.DelayTime = delayTime
 
 	numBlocks, err := utils.ReadVarInt(r)
 	if err != nil {

internal/wire/ack_frame_test.go

@@ -3,6 +3,7 @@ package wire
 import (
 	"bytes"
 	"io"
+	"math"
 	"time"
 
 	"github.com/lucas-clemente/quic-go/internal/protocol"
@@ -129,6 +130,20 @@ var _ = Describe("ACK Frame (for IETF QUIC)", func() {
 			}
 		})
 
+		It("gracefully handles overflows of the delay time", func() {
+			data := []byte{0x2}
+			data = append(data, encodeVarInt(100)...)              // largest acked
+			data = append(data, encodeVarInt(math.MaxUint64/5)...) // delay
+			data = append(data, encodeVarInt(0)...)                // num blocks
+			data = append(data, encodeVarInt(0)...)                // first ack block
+			b := bytes.NewReader(data)
+			frame, err := parseAckFrame(b, protocol.AckDelayExponent, versionIETFFrames)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(frame.DelayTime).To(BeNumerically(">", 0))
+			// The maximum encodable duration is ~292 years.
+			Expect(frame.DelayTime.Hours()).To(BeNumerically("~", 292*365*24, 365*24))
+		})
+
 		It("errors on EOF", func() {
 			data := []byte{0x2}
 			data = append(data, encodeVarInt(1000)...) // largest acked