diff --git a/util/ChangeLog b/util/ChangeLog
index 3d9605bc1..8d1c64f86 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,8 @@
+2005-03-10  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (secmem_realloc): Take control information into account
+	when testing for a resize.
+
 2004-12-03  David Shaw  <dshaw@jabberwocky.com>
 
 	* http.c (send_request): Include the port if non-80 in the Host:
diff --git a/util/secmem.c b/util/secmem.c
index dda84202a..a96db49d7 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -393,6 +393,10 @@ secmem_realloc( void *p, size_t newsize )
 
     mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
     size = mb->size;
+    if (size < sizeof(MEMBLOCK))
+      log_bug ("secure memory corrupted at block %p\n", mb);
+    size -= ((size_t) &((MEMBLOCK*)0)->u.aligned.c);
+
     if( newsize < size )
 	return p; /* it is easier not to shrink the memory */
     a = secmem_malloc( newsize );