diff --git a/ChangeLog b/ChangeLog
index 57b6512b1a..d9a1fd8f11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Fri Apr 30 12:05:20 2010  Tanaka Akira  <akr@fsij.org>
+
+	* file.c (file_expand_path): call rb_str_set_len before BUFCHECK to
+	  prevent rb_str_resize in BUFCHECK discard the content.
+
 Fri Apr 30 11:48:31 2010  Marc-Andre Lafortune  <ruby-core@marc-andre.ca>
 
 	* string.c (rb_str_sub_bang): String#sub! now raises an error when
diff --git a/file.c b/file.c
index 23fd05c892..9b6c56f0cf 100644
--- a/file.c
+++ b/file.c
@@ -2858,10 +2858,12 @@ file_expand_path(VALUE fname, VALUE dname, int abs_mode, VALUE result)
     if (p > buf && p[-1] == '/')
 	--p;
     else {
+	rb_str_set_len(result, p-buf);
 	BUFCHECK(bdiff + 1 >= buflen);
 	*p = '/';
     }
 
+    rb_str_set_len(result, p-buf+1);
     BUFCHECK(bdiff + 1 >= buflen);
     p[1] = 0;
     root = skipprefix(buf);
@@ -2925,6 +2927,7 @@ file_expand_path(VALUE fname, VALUE dname, int abs_mode, VALUE result)
 #endif
 	    if (s > b) {
 		long rootdiff = root - buf;
+		rb_str_set_len(result, p-buf+1);
 		BUFCHECK(bdiff + (s-b+1) >= buflen);
 		root = buf + rootdiff;
 		memcpy(++p, b, s-b);
@@ -2955,6 +2958,7 @@ file_expand_path(VALUE fname, VALUE dname, int abs_mode, VALUE result)
 	    }
 	}
 #endif
+	rb_str_set_len(result, p-buf+1);
 	BUFCHECK(bdiff + (s-b) >= buflen);
 	memcpy(++p, b, s-b);
 	p += s-b;