diff --git a/tests/explicit_bzero.c b/tests/explicit_bzero.c
index 34c60baa8a..9c0e917829 100644
--- a/tests/explicit_bzero.c
+++ b/tests/explicit_bzero.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: explicit_bzero.c,v 1.6 2014/07/11 01:10:35 matthew Exp $	*/
+/*	$OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $	*/
 /*
  * Copyright (c) 2014 Google Inc.
  *
@@ -18,6 +18,7 @@
 #include <assert.h>
 #include <errno.h>
 #include <signal.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -36,19 +37,33 @@ enum {
 	SECRETBYTES = SECRETCOUNT * sizeof(secret)
 };
 
-static char altstack[SIGSTKSZ + SECRETBYTES];
+/*
+ * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer
+ * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
+ */
+static char *altstack;
+#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES)
 
 static void
 setup_stack(void)
 {
+	altstack = calloc(1, ALTSTACK_SIZE);
+	ASSERT_NE(NULL, altstack);
+
 	const stack_t sigstk = {
 		.ss_sp = altstack,
-		.ss_size = sizeof(altstack),
+		.ss_size = ALTSTACK_SIZE
 	};
 
 	ASSERT_EQ(0, sigaltstack(&sigstk, NULL));
 }
 
+static void
+cleanup_stack(void)
+{
+	free(altstack);
+}
+
 static void
 assert_on_stack(void)
 {
@@ -129,7 +144,7 @@ test_without_bzero()
 	char buf[SECRETBYTES];
 	assert_on_stack();
 	populate_secret(buf, sizeof(buf));
-	char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf));
+	char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
 	ASSERT_NE(NULL, res);
 	return (res);
 }
@@ -140,7 +155,7 @@ test_with_bzero()
 	char buf[SECRETBYTES];
 	assert_on_stack();
 	populate_secret(buf, sizeof(buf));
-	char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf));
+	char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
 	ASSERT_NE(NULL, res);
 	explicit_bzero(buf, sizeof(buf));
 	return (res);
@@ -183,15 +198,17 @@ main()
 	 * on the stack.  This sanity checks that call_on_stack() and
 	 * populate_secret() work as intended.
 	 */
-	memset(altstack, 0, sizeof(altstack));
+	memset(altstack, 0, ALTSTACK_SIZE);
 	call_on_stack(do_test_without_bzero);
 
 	/*
 	 * Now test with a call to explicit_bzero() and check that we
 	 * *don't* find any instances of the secret data.
 	 */
-	memset(altstack, 0, sizeof(altstack));
+	memset(altstack, 0, ALTSTACK_SIZE);
 	call_on_stack(do_test_with_bzero);
 
+	cleanup_stack();
+
 	return (0);
 }