@@ -470,11 +470,12 @@
 	const of_unichar_t *searchString = [string unicodeString];
 	size_t searchLength = [string length];
 	size_t replacementLength = [replacement length];
 	size_t i;
 
-	if (range.location + range.length > [self length])
+	if (range.length > SIZE_MAX - range.location ||
+	    range.location + range.length > [self length])
 		@throw [OFOutOfRangeException exceptionWithClass: [self class]];
 
 	if (searchLength > range.length) {
 		objc_autoreleasePoolPop(pool);
 		return;