diff --git a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
index 3a80ecfc2e08..d3dc01cd7777 100644
--- a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
@@ -1843,6 +1843,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
 size = 0;
 }
+ // Make sure (size + chunk_size) isn't going to overflow.
+ if (size > (size_t)-1 - chunk_size) {
+ return ERROR_MALFORMED;
+ }
 uint8_t *buffer = new uint8_t[size + chunk_size];
 if (size > 0) {
@@ -2689,6 +2693,11 @@ status_t MPEG4Source::parseChunk(off64_t *offset) {
 return ERROR_MALFORMED;
 }
+ if (chunk_size >= INT32_MAX - 128) {
+ // Could cause an overflow later. Abort.
+ return ERROR_MALFORMED;
+ }
+
+ char chunk[5];
 MakeFourCCString(chunk_type, chunk);
 ALOGV("MPEG4Source chunk %s @ %llx", chunk, *offset);
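Review bot: In the first hunk (MPEG4Extractor::parseChunk, -1843), the guard `size > (size_t)-1 - chunk_size` is only sound when `chunk_size` is no wider than `size_t`. Both declarations are outside the hunk, but if `chunk_size` is a 64-bit value on a 32-bit build, the subtraction is carried out in 64 bits and wraps for any `chunk_size` above `SIZE_MAX`, so the check passes while `new uint8_t[size + chunk_size]` still truncates the sum and under-allocates. Bounding the wider operand first closes that gap: `if (chunk_size > SIZE_MAX || size > SIZE_MAX - (size_t)chunk_size) return ERROR_MALFORMED;`. Since the length is taken from the file, the allocation would also be better written as `new (std::nothrow) uint8_t[...]` with a null check, so a large but non-overflowing request returns an error instead of terminating the process.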
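Review bot: In the second hunk (MPEG4Source::parseChunk, -2689), the bound `INT32_MAX - 128` is a magic number, and the comment "Could cause an overflow later" does not name the computation it protects. A maintainer therefore cannot tell whether 128 bytes of headroom is sufficient, or whether the guard is still needed once the consuming code changes. I would replace the comment with one that names the consumer and the reason for the margin, for example `// chunk_size is later combined with 32-bit values in <consumer>; reject anything within 128 bytes of INT32_MAX so that sum cannot wrap`, filling in the actual call site. This hunk clamps `chunk_size` up front while the first hunk checks only one allocation site, so it would help to say in the same comment whether MPEG4Extractor::parseChunk is meant to get the same up-front bound; the function body continues outside the hunk.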