diff --git a/ChangeLog b/ChangeLog
index 8af4911def..a52c0aa10b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Sat Nov  3 12:18:35 2012  Masaki Matsushita  <glass.saga@gmail.com>
+
+	* array.c (recursive_equal): fix not to make invalid pointers when
+	  self and other are resized to same size in #== of their elements.
+	  [ruby-dev:46373] [Feature #6177]
+
 Sat Nov  3 12:06:15 2012  Kouhei Sutou  <kou@cozmixng.org>
 
 	* test/rexml/test_xml_declaration.rb (TestXmlDeclaration#test_*):
diff --git a/array.c b/array.c
index ac6074d3c1..f4750696fd 100644
--- a/array.c
+++ b/array.c
@@ -3269,18 +3269,20 @@ rb_ary_rassoc(VALUE ary, VALUE value)
 static VALUE
 recursive_equal(VALUE ary1, VALUE ary2, int recur)
 {
-    long i;
+    long i, len1;
     VALUE *p1, *p2;
 
     if (recur) return Qtrue; /* Subtle! */
 
     p1 = RARRAY_PTR(ary1);
     p2 = RARRAY_PTR(ary2);
+    len1 = RARRAY_LEN(ary1);
 
-    for (i = 0; i < RARRAY_LEN(ary1); i++) {
+    for (i = 0; i < len1; i++) {
 	if (*p1 != *p2) {
 	    if (rb_equal(*p1, *p2)) {
-		if (RARRAY_LEN(ary1) != RARRAY_LEN(ary2))
+		len1 = RARRAY_LEN(ary1);
+		if (len1 != RARRAY_LEN(ary2) || len1 < i)
 		    return Qfalse;
 		p1 = RARRAY_PTR(ary1) + i;
 		p2 = RARRAY_PTR(ary2) + i;