Fix: overflow of signed integer results in undefined behaviour
author: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 3 May 2016 02:46:28 +0000 (22:46 -0400)
committer: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 3 May 2016 02:46:28 +0000 (22:46 -0400)
commit: 9dc0d640e89f40e93b27cf0a82217a3dfa4186a3
tree: 8f17aa4c5ddc2e4ec35fac212794fc12d62318ee
parent: d460dc7fa7af51a10b47243250b9bf92824b07c4
The expression "min_value = -((int64_t)1 << (size - 1))"

will result in a signed integer overflow when size is 64
((1ULL << 63) > LONG_MAX).

Note that larger sizes are unsupported and checked for in the setter.

Signed overflows result in undefined behaviour and llvm takes
advantage of this to optimize away the range check

"if (value < min_value || value > max_value) {"

Surprisingly, this was not caught by GCC, Coverity, scan-build or
cppcheck.

The fix consists in computing both bounds using an unsigned long long
type and, in the case of the lower bound, negating it (resulting in a
long long).

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
formats/ctf/ir/fields.c
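The bug and the fix described in the commit message, as an added example that is not the project's own code: the buggy bound computation is kept for comparison (it is undefined for size 64 and is never called with that size here), and the corrected version computes both bounds from an unsigned value and forms the lower bound as -(2^(size-1) - 1) - 1 so that no signed overflow occurs even at size 64. The function and parameter names are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>

/* Original computation as quoted in the commit message. For size == 64,
 * (int64_t)1 << 63 does not fit in int64_t, so the shift and the negation
 * are undefined behaviour; a compiler is then free to drop any range check
 * built on this value. Illustration only, never called with size == 64. */
static int64_t min_value_buggy(unsigned size)
{
    return -((int64_t)1 << (size - 1));
}

/* Corrected computation following the commit's approach: derive both bounds
 * from an unsigned long long. half = 2^(size-1) always fits in 64 unsigned
 * bits for size <= 64; half - 1 fits in long long, and subtracting 1 from
 * its negation yields -2^(size-1) without overflow (LLONG_MIN at size 64). */
static bool signed_bounds(unsigned size, long long *min, long long *max)
{
    unsigned long long half;

    if (size == 0 || size > 64)
        return false;                    /* larger sizes are rejected upstream */
    half = 1ULL << (size - 1);
    *max = (long long)(half - 1);        /*  2^(size-1) - 1 */
    *min = -(long long)(half - 1) - 1;   /* -2^(size-1)     */
    return true;
}

/* The range check the commit message quotes, now on well-defined bounds. */
static bool value_in_range(long long value, unsigned size)
{
    long long min, max;

    if (!signed_bounds(size, &min, &max))
        return false;
    return value >= min && value <= max;
}
```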