Index: src/OFMutableString.m
==================================================================
--- src/OFMutableString.m
+++ src/OFMutableString.m
@@ -525,10 +525,13 @@
 - (void)deleteTrailingWhitespaces
 {
 	size_t length = [self length];
 	ssize_t i;
 
+	if (length - 1 > SSIZE_MAX)
+		@throw [OFOutOfRangeException exception];
+
 	for (i = length - 1; i >= 0; i--) {
 		of_unichar_t c = [self characterAtIndex: i];
 
 		if (c != ' '  && c != '\t' && c != '\n' && c != '\r' &&
 		    c != '\f')

Index: src/OFString.m
==================================================================
--- src/OFString.m
+++ src/OFString.m
@@ -2002,10 +2002,13 @@
 		objc_autoreleasePoolPop(pool);
 
 		return @"";
 	}
 
+	if (length - 1 > SSIZE_MAX)
+		@throw [OFOutOfRangeException exception];
+
 	for (i = length - 1; i >= 0; i--) {
 		if (OF_IS_PATH_DELIMITER(characters[i])) {
 			i++;
 			break;
 		}

Index: src/OFString_UTF8.m
==================================================================
--- src/OFString_UTF8.m
+++ src/OFString_UTF8.m
@@ -1129,10 +1129,13 @@
 		pathCStringLength--;
 
 	if (pathCStringLength == 0)
 		return @"";
 
+	if (pathCStringLength - 1 > SSIZE_MAX)
+		@throw [OFOutOfRangeException exception];
+
 	for (i = pathCStringLength - 1; i >= 0; i--) {
 		if (OF_IS_PATH_DELIMITER(_s->cString[i])) {
 			i++;
 			break;
 		}

Index: src/OFXMLParser.m
==================================================================
--- src/OFXMLParser.m
+++ src/OFXMLParser.m
@@ -33,10 +33,11 @@
 #import "OFSystemInfo.h"
 
 #import "OFInitializationFailedException.h"
 #import "OFInvalidFormatException.h"
 #import "OFMalformedXMLException.h"
+#import "OFOutOfRangeException.h"
 #import "OFUnboundPrefixException.h"
 
 typedef void (*state_function_t)(id, SEL);
 static SEL selectors[OF_XMLPARSER_NUM_STATES];
 static state_function_t lookupTable[OF_XMLPARSER_NUM_STATES];
@@ -102,16 +103,20 @@
 
 static OFString*
 namespaceForPrefix(OFString *prefix, OFArray *namespaces)
 {
 	OFDictionary *const *objects = [namespaces objects];
+	size_t count = [namespaces count];
 	ssize_t i;
 
 	if (prefix == nil)
 		prefix = @"";
 
-	for (i = [namespaces count] - 1; i >= 0; i--) {
+	if (count - 1 > SSIZE_MAX)
+		@throw [OFOutOfRangeException exception];
+
+	for (i = count - 1; i >= 0; i--) {
 		OFString *tmp;
 
 		if ((tmp = [objects[i] objectForKey: prefix]) != nil)
 			return tmp;
 	}