@@ -531,11 +531,11 @@ - (void)deleteCharactersInRange: (of_range_t)range { size_t start = range.location; size_t end = range.location + range.length; - if (end > s->length) + if (range.length > SIZE_MAX - range.location || end > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; s->hashed = NO; s->length -= end - start; @@ -563,11 +563,11 @@ { size_t start = range.location; size_t end = range.location + range.length; size_t newCStringLength, newLength; - if (end > s->length) + if (range.length > SIZE_MAX - range.location || end > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; newLength = s->length - (end - start) + [replacement length]; if (s->isUTF8) { @@ -602,21 +602,22 @@ size_t searchLength = [string UTF8StringLength]; size_t replacementLength = [replacement UTF8StringLength]; size_t i, last, newCStringLength, newLength; char *newCString; + if (range.length > SIZE_MAX - range.location || + range.location + range.length > [self length]) + @throw [OFOutOfRangeException exceptionWithClass: [self class]]; + if (s->isUTF8) { range.location = of_string_utf8_get_position(s->cString, range.location, s->cStringLength); range.length = of_string_utf8_get_position( s->cString + range.location, range.length, s->cStringLength - range.location); } - if (range.location + range.length > [self UTF8StringLength]) - @throw [OFOutOfRangeException exceptionWithClass: [self class]]; - if ([string UTF8StringLength] > range.length) return; newCString = NULL; newCStringLength = 0;
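Review bot: In the first hunk (`deleteCharactersInRange:`), `end` is still computed as `range.location + range.length` before the new guard runs, so the check relies on `size_t` wrap-around being harmless and on the overflow test being the left operand of `||`. Nothing in the hunk says so, and a later edit that swaps the two tests or drops the first would bring the wrapped `end` back into the comparison. A short comment above the `if` would pin this down, for example `/* end may have wrapped; the first test rejects that before end is compared */`. The same applies to the identical guard in the second hunk (`@@ -563`). The method body continues past the end of the hunk.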
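Review bot: In the third hunk (`@@ -602`) the new guard compares against `[self length]`, while the two earlier hunks use `s->length` for the same test. If both yield the same character count (not visible here), writing the second line as `range.location + range.length > s->length)` would keep the three guards textually identical, and a single static helper would stop them drifting apart. Because the check now sits ahead of the `of_string_utf8_get_position` calls, `range` holds character indices at the guard and byte offsets afterwards. That unit change deserves a comment such as `/* range is in characters up to here; converted to UTF-8 byte offsets below */`. The method begins and ends outside the hunk.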