diff --git a/ChangeLog b/ChangeLog
index c245e8a0c2..1ddf3dec90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2004-01-04 Ronald Bultje
+
+ * gst/mpegstream/gstmpegdemux.c: (gst_mpeg_demux_parse_syshead),
+ (gst_mpeg_demux_parse_packet), (gst_mpeg_demux_parse_pes):
+ * gst/mpegstream/gstmpegparse.c: (gst_mpeg_parse_parse_packhead):
+ Fix more integer overflows. Again, see #126967.
+
 2004-01-03 Ronald Bultje
 * ext/mpeg2dec/gstmpeg2dec.c:
diff --git a/gst/mpegstream/gstmpegdemux.c b/gst/mpegstream/gstmpegdemux.c
index 7bdf5fbdc9..f888171852 100644
--- a/gst/mpegstream/gstmpegdemux.c
+++ b/gst/mpegstream/gstmpegdemux.c
@@ -400,7 +400,7 @@ gst_mpeg_demux_parse_syshead (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 }
 STD_buffer_bound_scale = *buf & 0x20;
- STD_buffer_size_bound = (*buf++ & 0x1F) << 8;
+ STD_buffer_size_bound = ((guint16)(*buf++ & 0x1F)) << 8;
 STD_buffer_size_bound |= *buf++;
 if (STD_buffer_bound_scale == 0) {
@@ -557,7 +557,7 @@ gst_mpeg_demux_parse_packet (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 GST_DEBUG ("have STD");
 STD_buffer_bound_scale = bits & 0x20;
- STD_buffer_size_bound = (bits & 0x1F) << 8;
+ STD_buffer_size_bound = ((guint16)(bits & 0x1F)) << 8;
 STD_buffer_size_bound |= *buf++;
 headerlen += 2;
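Review bot: The `(guint16)` cast in `STD_buffer_size_bound = ((guint16)(*buf++ & 0x1F)) << 8;` does not alter the arithmetic: the operand is promoted back to `int` before the shift, and `0x1F << 8` is at most 0x1F00, so neither the old nor the new line can overflow. The same applies to the `bits & 0x1F` line in the `@@ -557` hunk of gst_mpeg_demux_parse_packet. Filing these two lines under "Fix more integer overflows" may lead a later reader to think a hazard existed here; I would drop the cast or replace it with a comment such as `/* 5 high bits of a 13-bit field; cannot overflow */`. The declaration of `STD_buffer_size_bound` and the rest of both functions are outside the hunks.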
@@ -566,29 +566,29 @@ gst_mpeg_demux_parse_packet (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 switch (bits & 0x30) {
 case 0x20:
 /* pts:3 ! 1 ! pts:15 ! 1 | pts:15 ! 1 */
- pts = (bits & 0x0E) << 29;
- pts |= *buf++ << 22;
- pts |= (*buf++ & 0xFE) << 14;
- pts |= *buf++ << 7;
- pts |= (*buf++ & 0xFE) >> 1;
+ pts = ((guint64)(bits & 0x0E) ) << 29;
+ pts |= ((guint64) *buf++ ) << 22;
+ pts |= ((guint64)(*buf++ & 0xFE)) << 14;
+ pts |= ((guint64) *buf++ ) << 7;
+ pts |= ((guint64)(*buf++ & 0xFE)) >> 1;
 GST_DEBUG ("PTS = %" G_GUINT64_FORMAT, pts);
 headerlen += 5;
 goto done;
 case 0x30:
 /* pts:3 ! 1 ! pts:15 ! 1 | pts:15 ! 1 */
- pts = (bits & 0x0E) << 29;
- pts |= *buf++ << 22;
- pts |= (*buf++ & 0xFE) << 14;
- pts |= *buf++ << 7;
- pts |= (*buf++ & 0xFE) >> 1;
+ pts = ((guint64)(bits & 0x0E) ) << 29;
+ pts |= ((guint64) *buf++ ) << 22;
+ pts |= ((guint64)(*buf++ & 0xFE)) << 14;
+ pts |= ((guint64) *buf++ ) << 7;
+ pts |= ((guint64)(*buf++ & 0xFE)) >> 1;
 /* sync:4 ! pts:3 ! 1 ! pts:15 ! 1 | pts:15 ! 1 */
- dts = (*buf++ & 0x0E) << 29;
- dts |= *buf++ << 22;
- dts |= (*buf++ & 0xFE) << 14;
- dts |= *buf++ << 7;
- dts |= (*buf++ & 0xFE) >> 1;
+ dts = ((guint64)(*buf++ & 0x0E)) << 29;
+ dts |= ((guint64) *buf++ ) << 22;
+ dts |= ((guint64)(*buf++ & 0xFE)) << 14;
+ dts |= ((guint64) *buf++ ) << 7;
+ dts |= ((guint64)(*buf++ & 0xFE)) >> 1;
 GST_DEBUG ("PTS = %" G_GUINT64_FORMAT ", DTS = %" G_GUINT64_FORMAT, pts, dts);
 headerlen += 10;
@@ -767,9 +767,9 @@ gst_mpeg_demux_parse_pes (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 if ((flags2 & 0x10)) {
 guint32 es_rate;
- es_rate = (*buf++ & 0x07) << 14;
- es_rate |= (*buf++ ) << 7;
- es_rate |= (*buf++ & 0xFE) >> 1;
+ es_rate = ((guint32)(*buf++ & 0x07)) << 14;
+ es_rate |= ((guint32)(*buf++ )) << 7;
+ es_rate |= ((guint32)(*buf++ & 0xFE)) >> 1;
 GST_DEBUG ("%x ES Rate found", id);
 }
 /* FIXME: lots of PES parsing missing here... */
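Review bot: Both timestamp branches in the `@@ -566` hunk consume their 5 or 10 bytes through `*buf++` with no visible comparison against the bytes left in the packet, so the widening casts repair the 33-bit arithmetic but not the reads themselves. gst_mpeg_demux_parse_packet starts and ends outside this hunk, so an earlier length check may already cover this; if it does not, a truncated header makes these reads run past the buffer. I would state the precondition above the `switch`, for example `/* needs 5 (PTS) or 10 (PTS+DTS) readable bytes at buf */`, or add the check there. Separately, the comment above the `dts` lines still reads `pts:3 ! 1 ! pts:15`, which should say `dts`.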
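Review bot: The first `es_rate` line in the `@@ -767` hunk keeps the `0x07` mask and the shift by 14, while the next line places a full byte at bits 7–14, so bit 14 is written from two different input bytes and the three fields do not concatenate cleanly. The 22-bit rate decode in gst_mpeg_parse_parse_packhead in this same commit (`(buf[0] & 0x7f) << 15`, `buf[1] << 7`, `buf[2] >> 1`) suggests the intended form is `es_rate = ((guint32)(*buf++ & 0x7F)) << 15;`, though that should be confirmed against the PES header layout. In the visible lines `es_rate` is never read, since `GST_DEBUG` prints only `id`, so the decode error has no effect yet. Logging the value would make the decode checkable.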
diff --git a/gst/mpegstream/gstmpegparse.c b/gst/mpegstream/gstmpegparse.c
index 15cc8b4a27..eb9efdf0c7 100644
--- a/gst/mpegstream/gstmpegparse.c
+++ b/gst/mpegstream/gstmpegparse.c
@@ -308,10 +308,10 @@ gst_mpeg_parse_parse_packhead (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 guint32 scr_ext;
 /* :2=01 ! scr:3 ! marker:1==1 ! scr:15 ! marker:1==1 ! scr:15 */
- scr = (scr1 & 0x38000000) << 3;
- scr |= (scr1 & 0x03fff800) << 4;
- scr |= (scr1 & 0x000003ff) << 5;
- scr |= (scr2 & 0xf8000000) >> 27;
+ scr = ((guint64) scr1 & 0x38000000) << 3;
+ scr |= ((guint64) scr1 & 0x03fff800) << 4;
+ scr |= ((guint64) scr1 & 0x000003ff) << 5;
+ scr |= ((guint64) scr2 & 0xf8000000) >> 27;
 scr_ext = (scr2 & 0x03fe0000) >> 17;
@@ -325,17 +325,17 @@ gst_mpeg_parse_parse_packhead (GstMPEGParse *mpeg_parse, GstBuffer *buffer)
 new_rate = (GUINT32_FROM_BE ((*(guint32 *) buf)) & 0xfffffc00) >> 10;
 } else {
- scr = (scr1 & 0x0e000000) << 5;
- scr |= (scr1 & 0x00fffe00) << 6;
- scr |= (scr1 & 0x000000ff) << 7;
- scr |= (scr2 & 0xfe000000) >> 25;
+ scr = ((guint64) scr1 & 0x0e000000) << 5;
+ scr |= ((guint64) scr1 & 0x00fffe00) << 6;
+ scr |= ((guint64) scr1 & 0x000000ff) << 7;
+ scr |= ((guint64) scr2 & 0xfe000000) >> 25;
 buf += 5;
 /* we do this byte by byte because buf[3] might be outside of buf's * memory space */
- new_rate = (buf[0] & 0x7f) << 15;
- new_rate |= buf[1] << 7;
- new_rate |= buf[2] >> 1;
+ new_rate = ((gint32) buf[0] & 0x7f) << 15;
+ new_rate |= ((gint32) buf[1]) << 7;
+ new_rate |= buf[2] >> 1;
 }
 scr_orig = scr;
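Review bot: The branch kept as context at the top of the `@@ -325` hunk still computes `new_rate` through `*(guint32 *) buf`, a four-byte load through a cast pointer that is not guaranteed to be aligned and that touches one byte more than the 22-bit field needs. That is the same over-read the comment in the `else` branch says the byte-wise form avoids. The equivalent byte-wise decode is `new_rate = ((guint32) buf[0] << 14) | ((guint32) buf[1] << 6) | (buf[2] >> 2);`. Whether `buf` always has four readable bytes at that point is decided outside the hunk. The new `(gint32)` casts in the `else` branch are harmless but have no effect, since `0x7f << 15` already fits in an `int`.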