diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c
index 9ca1754a69..1568aed052 100644
--- a/src/detect-engine-payload.c
+++ b/src/detect-engine-payload.c
@@ -361,7 +361,7 @@ static int PayloadTestSig03 (void) {
     Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
     int result = 0;
 
-    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:1; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; sid:1;)";
     if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
         result = 0;
         goto end;
diff --git a/src/detect-within.c b/src/detect-within.c
index 801c0db5c2..c58caf7e1b 100644
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -28,6 +28,13 @@ void DetectWithinRegister (void) {
     sigmatch_table[DETECT_WITHIN].flags |= SIGMATCH_PAYLOAD;
 }
 
+/** \brief Setup within pattern (content/uricontent) modifier.
+ *
+ *  \todo apply to uricontent
+ *
+ *  \retval 0 ok
+ *  \retval -1 error, sig needs to be invalidated
+ */
 static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withinstr)
 {
     char *str = withinstr;
@@ -45,7 +52,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
         goto error;
     }
 
-    /** Search for the first previous DetectContent
+    /* Search for the first previous DetectContent
      * SigMatch (it can be the same as this one) */
     SigMatch *pm = DetectContentFindPrevApplicableSM(s->pmatch_tail);
     if (pm == NULL || DetectContentHasPrevSMPattern(pm) == NULL) {
@@ -60,12 +67,14 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
     }
 
     cd->within = strtol(str, NULL, 10);
-    if (cd->within < cd->content_len) {
-        SCLogError(SC_ERR_INVALID_SIGNATURE, "within argument \"%d\" is less "
-                   "than the content length \"%s\" which is invalid, since this "
-                   "will never match.  Invalidating signature", cd->within, cd->content);
+    if (cd->within < (int32_t)cd->content_len) {
+        SCLogError(SC_ERR_WITHIN_INVALID, "within argument \"%"PRIi32"\" is "
+                "less than the content length \"%"PRIu32"\" which is invalid, since "
+                "this will never match.  Invalidating signature", cd->within,
+                cd->content_len);
         goto error;
     }
+
     cd->flags |= DETECT_CONTENT_WITHIN;
 
     if (cd->flags & DETECT_CONTENT_DISTANCE) {
diff --git a/src/util-error.c b/src/util-error.c
index 102476ba60..00bb1c2906 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -88,6 +88,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_BYTETEST_MISSING_CONTENT);
         CASE_CODE (SC_ERR_BYTEJUMP_MISSING_CONTENT);
         CASE_CODE (SC_ERR_WITHIN_MISSING_CONTENT);
+        CASE_CODE (SC_ERR_WITHIN_INVALID);
         CASE_CODE (SC_ERR_DEPTH_MISSING_CONTENT);
         CASE_CODE (SC_ERR_OFFSET_MISSING_CONTENT);
         CASE_CODE (SC_ERR_NOCASE_MISSING_PATTERN);
diff --git a/src/util-error.h b/src/util-error.h
index bc4d2a9be0..fafc13e0a6 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -109,6 +109,7 @@ typedef enum {
     SC_ERR_FLAGS_MODIFIER,
     SC_ERR_DISTANCE_MISSING_CONTENT,
     SC_ERR_WITHIN_MISSING_CONTENT,
+    SC_ERR_WITHIN_INVALID,
     SC_ERR_OFFSET_MISSING_CONTENT,
     SC_ERR_DEPTH_MISSING_CONTENT,
     SC_ERR_BYTETEST_MISSING_CONTENT,