shell: fix occasional subtraction overflow
On a specific document, the original function causes evince
to crash
with SIGILL when compiled with -fsanitize=signed-integer-overflow
with
clang (don't know about other compilers). This document seems to cause
signed integer overflow in the original function, which is undefined
behavior in C (and should be fixed regardless of the compiler flag
mentioned above).
(cherry picked from commit 34beb3749e8a21437c49dc7636bc86ed80660fc2)
Ref GNOME/evince!674