diff --git a/ChangeLog b/ChangeLog
index b5e10c49..fb376b26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ brevity. Much more detail can be found in the git revision history:
 so this fix removes buggy code without loss of generality.
 - Fix irallocx_prof_sample() to always allocate large regions, even when alignment is non-zero.
+ - Fix prof_alloc_rollback() to read tdata from thread-specific data rather
+ than dereferencing a potentially invalid tctx.
 * 4.0.1 (September 15, 2015)
diff --git a/src/prof.c b/src/prof.c
index d68478fd..0a08062c 100644
--- a/src/prof.c
+++ b/src/prof.c
@@ -209,7 +209,7 @@ prof_alloc_rollback(tsd_t *tsd, prof_tctx_t *tctx, bool updated)
 */
 tdata = prof_tdata_get(tsd, true);
 if (tdata != NULL)
- prof_sample_threshold_update(tctx->tdata);
+ prof_sample_threshold_update(tdata);
 }
 if ((uintptr_t)tctx > (uintptr_t)1U) {
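Review bot: Nothing in the `updated` branch of the src/prof.c hunk records why `tctx` must not be dereferenced there, so the invalid-pointer read this commit removes could easily be reintroduced. The guard `(uintptr_t)tctx > (uintptr_t)1U` appears only after this block, which implies `tctx` can still be NULL or a small sentinel value when `prof_sample_threshold_update(tdata)` runs. I would extend the existing block comment above `prof_tdata_get(tsd, true)` with a line such as `* Do not dereference tctx here; it is only validated by the > 1U check below.` The `true` argument to `prof_tdata_get()` presumably permits tdata creation on this rollback path, which is worth confirming as intended. prof_alloc_rollback() begins before and continues past the hunk, so this is based on the visible lines only.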