diff -r 350a0e3898bd -r aed60ba37acf test/buffer_tests.c
--- a/test/buffer_tests.c	Mon May 05 15:56:39 2014 +0200
+++ b/test/buffer_tests.c	Tue May 06 10:56:54 2014 +0200
@@ -503,25 +503,57 @@
 
     UcxBuffer *src = ucx_buffer_new(buffer, 16, UCX_BUFFER_AUTOFREE);
     src->size = 15;
-    UcxBuffer *dst = ucx_buffer_extract(src, 5, 5, UCX_BUFFER_DEFAULT);
+    UcxBuffer *dst = ucx_buffer_extract(src, 5, 5, UCX_BUFFER_AUTOEXTEND);
 
     UCX_TEST_BEGIN
     UCX_TEST_ASSERT(dst != NULL, "ucx_buffer_extract returned NULL");
-            
-    UCX_TEST_ASSERT((dst->flags & UCX_BUFFER_AUTOFREE) == UCX_BUFFER_AUTOFREE,
+    UCX_TEST_ASSERT(dst->flags == (UCX_BUFFER_AUTOEXTEND | UCX_BUFFER_AUTOFREE),
             "autofree flag shall be enforced");
     UCX_TEST_ASSERT(dst->size == 5, "wrong size for new buffer");
+    UCX_TEST_ASSERT(dst->capacity == 5, "wrong capacity for new buffer");
+    UCX_TEST_ASSERT(dst->pos == 0, "wrong position for new buffer");
     char rb[5];
     ucx_buffer_read(rb, 1, 5, dst);
     UCX_TEST_ASSERT(memcmp(rb, "is a ", 5) == 0,
             "new buffer has incorrect content");
 
-    UCX_TEST_ASSERT(ucx_buffer_extract(dst, 3, 3, UCX_BUFFER_DEFAULT) == NULL,
-            "extract shall fail on invalid bounds");
+    UCX_TEST_END
+
+    ucx_buffer_free(dst);
+    ucx_buffer_free(src);
+}
+
+UCX_TEST(test_ucx_buffer_extract_oob) {
+    char *buffer = (char*) malloc(16);
+    strcpy(buffer, "this is a test!");
+
+    UcxBuffer *src = ucx_buffer_new(buffer, 16, UCX_BUFFER_AUTOFREE);
+    UCX_TEST_BEGIN
+    
+    UCX_TEST_ASSERT(ucx_buffer_extract(src, 5, 0, UCX_BUFFER_DEFAULT) == NULL,
+            "extract shall fail on zero length");
+    UCX_TEST_ASSERT(ucx_buffer_extract(src, 10, 10, UCX_BUFFER_DEFAULT) == NULL,
+            "extract shall fail on invalid bounds (size exceeds limits)");
+    UCX_TEST_ASSERT(ucx_buffer_extract(src, 20, -7, UCX_BUFFER_DEFAULT) == NULL,
+            "extract shall fail on invalid bounds (start exceeds limits)");
 
     UCX_TEST_END
 
-    ucx_buffer_free(dst);
+    ucx_buffer_free(src);
+}
+
+UCX_TEST(test_ucx_buffer_extract_overflow) {
+    char *buffer = (char*) malloc(16);
+    strcpy(buffer, "this is a test!");
+
+    UcxBuffer *src = ucx_buffer_new(buffer, 16, UCX_BUFFER_AUTOFREE);
+    UCX_TEST_BEGIN
+    
+    UCX_TEST_ASSERT(ucx_buffer_extract(src, 5, (size_t)-4,
+        UCX_BUFFER_DEFAULT) == NULL, "extract shall fail on integer overflow");
+
+    UCX_TEST_END
+
     ucx_buffer_free(src);
 }