diff --git a/ChangeLog b/ChangeLog
index 422d2f3bc8..8ae7f9e826 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Sun May 10 16:23:58 2015  Kazuki Tsujimoto  <kazuki@callcc.net>
+
+	* proc.c (proc_binding): fix segmentation fault on marking phase.
+	  envptr of newenvval should not be NULL.
+
+	  You can reproduce by
+	   make test-all TESTS='--gc-stress -n test_to_proc_binding ruby/test_method.rb'
+
 Sun May 10 12:41:18 2015  Masaki Matsushita <glass.saga@gmail.com>
 
 	* ext/zlib/zlib.c (rb_gzreader_external_encoding):
diff --git a/proc.c b/proc.c
index 44ec281273..3e7c297242 100644
--- a/proc.c
+++ b/proc.c
@@ -2510,15 +2510,16 @@ proc_binding(VALUE self)
 	if (iseq && env->local_size < iseq->local_size) {
 	    int prev_local_size = env->local_size;
 	    int local_size = iseq->local_size;
-	    VALUE newenvval = TypedData_Wrap_Struct(RBASIC_CLASS(envval), RTYPEDDATA_TYPE(envval), 0);
-	    rb_env_t *newenv = xmalloc(sizeof(rb_env_t) + ((local_size + 1) * sizeof(VALUE)));
-	    RTYPEDDATA_DATA(newenvval) = newenv;
+	    rb_env_t *newenv;
+	    VALUE newenvval;
+	    newenv = xmalloc(sizeof(rb_env_t) + ((local_size + 1) * sizeof(VALUE)));
 	    newenv->env_size = local_size + 2;
 	    newenv->local_size = local_size;
 	    newenv->prev_envval = env->prev_envval;
 	    newenv->block = env->block;
 	    MEMCPY(newenv->env, env->env, VALUE, prev_local_size + 1);
 	    rb_mem_clear(newenv->env + prev_local_size + 1, local_size - prev_local_size);
+	    newenvval = TypedData_Wrap_Struct(RBASIC_CLASS(envval), RTYPEDDATA_TYPE(envval), newenv);
 	    newenv->env[local_size + 1] = newenvval;
 	    envval = newenvval;
 	}