eina_hash: fix possible issuedevs/bu5hm4n/overflow_checks

As seen in ed84d7d9007b297c00540f38bc07422a3be7267c, values can
overflow.

This here is a signed integer, and the hash can come from a user and
gets right shifted by a value between 2 and 17 bits, this could result
in a maximum big integer in one hash head, but a 0 in the other hash
head. This means the operation:

left->hash - right->hash could overflow.

This can be worked arround with changing
(left->hash - right->hash < 0)
to
left->hash < right->hash

This is not overflowting,because jmg can handle two 32bit words

1 files changed, 7 insertions, 2 deletions

diff --git a/src/lib/eina/eina_hash.c b/src/lib/eina/eina_hash.c
index b2d338d832..3872ac32b1 100644
--- a/src/lib/eina/eina_hash.c
+++ b/src/lib/eina/eina_hash.c
@@ -158,7 +158,12 @@ _eina_hash_hash_rbtree_cmp_hash(const Eina_Hash_Head *hash_head,
                                 EINA_UNUSED int key_length,
                                 EINA_UNUSED void *data)
 {
-   return hash_head->hash - *hash;
+   if (hash_head->hash < *hash)
+     return -1;
+   else if (hash_head->hash == *hash)
+     return 0;
+   else
+     return 1;
 }
 
 static Eina_Rbtree_Direction
@@ -166,7 +171,7 @@ _eina_hash_hash_rbtree_cmp_node(const Eina_Hash_Head *left,
                                 const Eina_Hash_Head *right,
                                 EINA_UNUSED void *data)
 {
-   if (left->hash - right->hash < 0)
+   if (left->hash < right->hash)
      return EINA_RBTREE_LEFT;
 
    return EINA_RBTREE_RIGHT;