Fix bounds math issues in tests revealed by quickcheck v1

Some tests relied on unsigned arithmetic that could wrap around, and
quickcheck 1.0 was able to reveal the problem. All of the issues were in
the tests rather than in the implementation.

Fixes #22. Fixes compatibility with quickcheck v1.

Author: musicinmybrain

src/lib.rs

@@ -339,7 +339,7 @@ mod test {
     #[test]
     fn check_array_ref_5() {
         fn f(data: Vec<u8>, offset: usize) -> quickcheck::TestResult {
-            if data.len() < offset + 5 {
+            if data.len() < 5 || data.len() - 5 < offset {
                 return quickcheck::TestResult::discard();
             }
             let out = array_ref!(data, offset, 5);
@@ -351,7 +351,7 @@ mod test {
     #[test]
     fn check_array_ref_out_of_bounds_5() {
         fn f(data: Vec<u8>, offset: usize) -> quickcheck::TestResult {
-            if data.len() >= offset + 5 {
+            if data.len() >= 5 && data.len() - 5 >= offset {
                 return quickcheck::TestResult::discard();
             }
             quickcheck::TestResult::must_fail(move || {
@@ -364,7 +364,7 @@ mod test {
     #[test]
     fn check_array_mut_ref_7() {
         fn f(mut data: Vec<u8>, offset: usize) -> quickcheck::TestResult {
-            if data.len() < offset + 7 {
+            if data.len() < 7 || data.len() - 7 < offset {
                 return quickcheck::TestResult::discard();
             }
             let out = array_mut_ref!(data, offset, 7);
@@ -377,7 +377,7 @@ mod test {
     #[test]
     fn check_array_mut_ref_out_of_bounds_32() {
         fn f(mut data: Vec<u8>, offset: usize) -> quickcheck::TestResult {
-            if data.len() >= offset + 32 {
+            if data.len() >= 32 && data.len() - 32 >= offset {
                 return quickcheck::TestResult::discard();
             }
             quickcheck::TestResult::must_fail(move || {