detect: checks for overflow when comparing signatures priorities

author Philippe Antoine <contact@catenacyber.fr>

Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 8 Sep 2020 10:00:12 +0000 (12:00 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 8 Sep 2020 10:00:12 +0000 (12:00 +0200)
diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c

index 6cfa2d9e8aaf46ec47131ffd9450d6a6da55215d..469af1f60b82b8b67074f947e66d2713de1b7d1f 100644 (file)
--- a/src/detect-engine-sigorder.c
+++ b/src/detect-engine-sigorder.c
@@ -682,7 +682,12 @@ static int SCSigOrderByIPPairbitsCompare(SCSigSignatureWrapper *sw1,
  static int SCSigOrderByPriorityCompare(SCSigSignatureWrapper *sw1,
                                         SCSigSignatureWrapper *sw2)
  {
-    return sw2->sig->prio - sw1->sig->prio;
+    if (sw1->sig->prio > sw2->sig->prio) {
+        return -1;
+    } else if (sw1->sig->prio < sw2->sig->prio) {
+        return 1;
+    }
+    return 0;
  }
  
  /**
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 8 Sep 2020 10:00:12 +0000 (12:00 +0200)