diff --git a/media/libstagefright/frameworks/av/media/libstagefright/ESDS.cpp b/media/libstagefright/frameworks/av/media/libstagefright/ESDS.cpp
index ccf60e3..a4ebdb2 100644
--- a/media/libstagefright/frameworks/av/media/libstagefright/ESDS.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/ESDS.cpp
@@ -133,33 +133,43 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
     unsigned URL_Flag = mData[offset] & 0x40;
     unsigned OCRstreamFlag = mData[offset] & 0x20;
 
     ++offset;
     --size;
 
     if (streamDependenceFlag) {
         offset += 2;
+        if (size <= 2) {
+            return ERROR_MALFORMED;
+        }
         size -= 2;
     }
 
     if (URL_Flag) {
         if (offset >= size) {
             return ERROR_MALFORMED;
         }
         unsigned URLlength = mData[offset];
         offset += URLlength + 1;
+        if (size <= URLlength + 1) {
+            return ERROR_MALFORMED;
+        }
         size -= URLlength + 1;
     }
 
     if (OCRstreamFlag) {
         offset += 2;
+        if (size <= 2) {
+            return ERROR_MALFORMED;
+        }
         size -= 2;
 
         if ((offset >= size || mData[offset] != kTag_DecoderConfigDescriptor)
+                && offset >= 2
                 && offset - 2 < size
                 && mData[offset - 2] == kTag_DecoderConfigDescriptor) {
             // Content found "in the wild" had OCRstreamFlag set but was
             // missing OCR_ES_Id, the decoder config descriptor immediately
             // followed instead.
             offset -= 2;
             size += 2;
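Review bot: The three new guards (`size <= 2` in the streamDependenceFlag and OCRstreamFlag branches, `size <= URLlength + 1` in the URL_Flag branch) run only after `offset` has already been advanced, and nothing records why they use `<=` rather than `<`. Testing before the advance would keep `offset` and `size` consistent on every path, and a comment such as `// at least one byte must remain for the descriptor that follows` would show that leaving zero bytes is rejected on purpose. Separately, the untouched guards `offset >= size` before `mData[offset]` in the URL_Flag branch and in the OCR fallback appear to compare an absolute index into mData with a remaining-byte count. If `size` does count the bytes left from `offset`, as the paired `++offset; --size;` suggests, those guards may reject well-formed input at larger offsets and are worth a follow-up. parseESDescriptor begins and ends outside this hunk, so any size check before the first flag-byte read is not visible here.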
