diff --git a/libavformat/mov.c b/libavformat/mov.c
index c9de693df0..e9b6c761f4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -470,16 +470,19 @@ static int mov_read_enda(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
 static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
 {
 AVStream *st = c->fc->streams[c->fc->nb_streams-1];
- if((uint64_t)atom.size > (1<<30))
+ uint64_t size= (uint64_t)st->codec->extradata_size + atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE;
+ uint8_t *buf;
+ if(size > INT_MAX || (uint64_t)atom.size > INT_MAX)
 return -1;
- av_free(st->codec->extradata);
- st->codec->extradata_size = atom.size + 8;
- st->codec->extradata = av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
- if (st->codec->extradata) {
- AV_WL32(st->codec->extradata + 4, atom.type);
- get_buffer(pb, st->codec->extradata + 8, atom.size);
- } else
- url_fskip(pb, atom.size);
+ buf= av_realloc(st->codec->extradata, size);
+ if(!buf)
+ return -1;
+ st->codec->extradata= buf;
+ buf+= st->codec->extradata_size;
+ st->codec->extradata_size= size - FF_INPUT_BUFFER_PADDING_SIZE;
+ AV_WB32( buf , atom.size + 8);
+ AV_WL32( buf + 4, atom.type);
+ get_buffer(pb, buf + 8, atom.size);
 return 0;
 }
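Review bot: Replacing av_mallocz() with av_realloc() in mov_read_extradata leaves the trailing FF_INPUT_BUFFER_PADDING_SIZE bytes of the grown buffer uninitialized, since av_realloc() does not zero new memory. The return value of get_buffer() is also ignored, so on a truncated file the unread tail of the appended atom holds stale heap contents while extradata_size already counts it. Any decoder that reads extradata or over-reads into the padding would then parse that data. After the read I would add `memset(buf + 8 + atom.size, 0, FF_INPUT_BUFFER_PADDING_SIZE);`, and compare get_buffer()'s result with atom.size, returning an error or shrinking extradata_size on a short read. A short comment above the size check, such as `/* reject negative atom.size and totals that do not fit the int extradata_size */`, would also explain why both comparisons are needed.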