diff --git a/webrtc/api/webrtcsdp.cc b/webrtc/api/webrtcsdp.cc
index f0e94b6221..f18653dad9 100644
--- a/webrtc/api/webrtcsdp.cc
+++ b/webrtc/api/webrtcsdp.cc
@@ -2641,6 +2641,8 @@ bool ParseContent(const std::string& message,
                         << cricket::kDataMaxBandwidth / 1000 << "kbps.";
             return ParseFailed(line, description.str(), error);
           }
+          // Prevent integer overflow.
+          b = std::min(b, INT_MAX / 1000);
           media_desc->set_bandwidth(b * 1000);
         }
       }
diff --git a/webrtc/api/webrtcsdp_unittest.cc b/webrtc/api/webrtcsdp_unittest.cc
index a2d839beb8..32f8bba603 100644
--- a/webrtc/api/webrtcsdp_unittest.cc
+++ b/webrtc/api/webrtcsdp_unittest.cc
@@ -3319,3 +3319,22 @@ TEST_F(WebRtcSdpTest, DeserializeSctpPortInVideoDescription) {
   ExpectParseFailure(std::string(kSdpWithSctpPortInVideoDescription),
                      "sctp-port");
 }
+
+// Regression test for integer overflow bug:
+// https://bugs.chromium.org/p/chromium/issues/detail?id=648071
+TEST_F(WebRtcSdpTest, DeserializeLargeBandwidthLimit) {
+  JsepSessionDescription jdesc_output(kDummyString);
+
+  // Bandwidth attribute is the max signed 32-bit int, which will get
+  // multiplied by 1000 and cause int overflow if not careful.
+  const char kSdpWithLargeBandwidth[] =
+      "v=0\r\n"
+      "o=- 18446744069414584320 18446462598732840960 IN IP4 127.0.0.1\r\n"
+      "s=-\r\n"
+      "t=0 0\r\n"
+      "m=video 3457 RTP/SAVPF 120\r\n"
+      "b=AS:2147483647\r\n"
+      "foo=fail\r\n";
+
+  ExpectParseFailure(std::string(kSdpWithLargeBandwidth), "foo=fail");
+}