diff --git a/NEWS b/NEWS
index 01f05ce75e..73bf72c2a5 100644
--- a/NEWS
+++ b/NEWS
@@ -127,6 +127,7 @@ The following bugs are resolved with this release:
 [29305] Conserve NSS buffer space during DNS packet parsing
 [29402] nscd: nscd: No such file or directory
 [29415] nscd: Fix netlink cache invalidation if epoll is used
+ [29444] gmon: Fix allocated buffer overflow (bug 29444)
 [29446] _dlopen now ignores dl_caller argument in static mode
 [29490] alpha: New __brk_call implementation is broken
 [29528] elf: Call __libc_early_init for reused namespaces
diff --git a/gmon/gmon.c b/gmon/gmon.c
index dee64803ad..bf76358d5b 100644
--- a/gmon/gmon.c
+++ b/gmon/gmon.c
@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
 p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
 p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
 p->textsize = p->highpc - p->lowpc;
+ /* This looks like a typo, but it's here to align the p->froms
+ section. */
 p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
 p->hashfraction = HASHFRACTION;
 p->log_hashfraction = -1;
@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc)
 instead of integer division. Precompute shift amount. */
 p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
 }
- p->fromssize = p->textsize / HASHFRACTION;
+ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
 p->tolimit = p->textsize * ARCDENSITY / 100;
 if (p->tolimit < MINARCS)
 p->tolimit = MINARCS;
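Review bot: The comment added above `p->kcountsize` in the first gmon.c hunk says the line "looks like a typo" without naming what looks wrong, so a reader still has to work out that the histogram size is rounded to `sizeof(*p->froms)` rather than to the histogram's own element size. I would state that directly, for example `/* Rounded to sizeof(*p->froms), not sizeof(HISTCOUNTER), so that p->froms stays aligned. */`. How the buffers are laid out relative to each other is decided further down in `__monstartup`, outside this hunk, so the wording should be checked against that code.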
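Review bot: The changed `p->fromssize` line in the second gmon.c hunk has no comment, although it is the line that fixes the overflow named in NEWS, and next to the commented `p->kcountsize` line it reads like an incidental cleanup. A short why-comment such as `/* Keep fromssize a whole number of p->froms entries so the table has no partial trailing entry. */` would stop a later edit from dropping the ROUNDUP. The rounding only makes the byte count a multiple of the entry size; the code that computes the index into `p->froms` is not in this diff, so it is worth confirming there that the largest accepted offset still maps to an entry inside the rounded size. The visible part of the patch also adds no regression test for a text size where `p->textsize / HASHFRACTION` is not a multiple of `sizeof(*p->froms)`. `__monstartup` starts and ends outside the hunk.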