detect: checks for overflow when comparing signatures priorities

author Philippe Antoine <contact@catenacyber.fr>

Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)

committer Jeff Lucovsky <jeff@lucovsky.org>

Sun, 20 Sep 2020 14:44:47 +0000 (10:44 -0400)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)
committer Jeff Lucovsky <jeff@lucovsky.org>
Sun, 20 Sep 2020 14:44:47 +0000 (10:44 -0400)
diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c

index 642df90f7719978da611066f18d5e7f692a4e4f0..90a84d0628453832783e12065053ab600459f791 100644 (file)
--- a/src/detect-engine-sigorder.c
+++ b/src/detect-engine-sigorder.c
@@ -682,7 +682,12 @@ static int SCSigOrderByIPPairbitsCompare(SCSigSignatureWrapper *sw1,
  static int SCSigOrderByPriorityCompare(SCSigSignatureWrapper *sw1,
                                         SCSigSignatureWrapper *sw2)
  {
-    return sw2->sig->prio - sw1->sig->prio;
+    if (sw1->sig->prio > sw2->sig->prio) {
+        return -1;
+    } else if (sw1->sig->prio < sw2->sig->prio) {
+        return 1;
+    }
+    return 0;
  }
  
  /**
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 27 Aug 2020 15:11:10 +0000 (17:11 +0200)
committer	Jeff Lucovsky <jeff@lucovsky.org>
	Sun, 20 Sep 2020 14:44:47 +0000 (10:44 -0400)