detect: fix FNs in case of too many prefilter engines
Fix FNs in case of too many prefilter engines. A transaction was tracking
which engines have run using a u64 bit array. The engines 'local_id' was
used to set and check this bit. However the bit checking code didn't
handle int types correctly, leading to an incorrect left shift result of
a u32 to a u64 bit value.
This commit addresses that by fixing the int handling.
This is only a partial fix however. It's not hard to craft a ruleset that
exceeds the 63-bit space available. A more complete fix is in:
932cf0b6a6ad ("detect: track prefilter by progress, not engine")
However this seems like a too high risk change for a backport into
5.0.
This patch does issue a warning if the condition is detected at start
up, and `-T` does error out on it.
Bug: #4688.
projects / thirdparty / suricata.git / commit
