diff --git a/import/chips/p9/utils/imageProcs/p9_scan_compression.C b/import/chips/p9/utils/imageProcs/p9_scan_compression.C
index 8cff9edf9..290b06641 100644
--- a/import/chips/p9/utils/imageProcs/p9_scan_compression.C
+++ b/import/chips/p9/utils/imageProcs/p9_scan_compression.C
@@ -919,7 +919,6 @@ int
 rs4_embed_cmsk( CompressedScanData** io_rs4,
 CompressedScanData* i_rs4Cmsk )
 {
- char* embeddedAddr = (char*)(*io_rs4 + 1);
 size_t embeddedSize = be16toh(i_rs4Cmsk->iv_size);
 size_t totalSize = be16toh((*io_rs4)->iv_size) + embeddedSize;

@@ -931,6 +930,10 @@ rs4_embed_cmsk( CompressedScanData** io_rs4,
 return BUG(SCAN_COMPRESSION_NO_MEMORY);
 }

+ // realloc() above may move the buffer, so derive the embedded address from
+ // the (possibly new) *io_rs4 pointer rather than from the pre-realloc one.
+ char* embeddedAddr = (char*)(*io_rs4 + 1);
+
 // Make space for cmsk ring
 memmove(embeddedAddr + embeddedSize,
 embeddedAddr,
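Review bot: The out-of-memory path directly above the relocated `embeddedAddr` declaration deserves the same care as the pointer fix: if the `realloc()` result is assigned straight to `*io_rs4` (the call sits between the two hunks and is not shown), a failed allocation replaces the caller's only pointer with NULL and the original ring buffer can no longer be freed. Holding the result in a temporary avoids that, e.g. `void* l_new = realloc(*io_rs4, totalSize);`, `if (!l_new) { return BUG(SCAN_COMPRESSION_NO_MEMORY); }`, `*io_rs4 = (CompressedScanData*)l_new;`. Also, `totalSize` adds two values read with `be16toh`, so it can exceed what a 16-bit `iv_size` holds; if it is written back to that field later in the function (outside this hunk), a range check before the `memmove` would be worth adding. The `memmove` call and the rest of `rs4_embed_cmsk` continue past the end of the hunk.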