--- stdlib/canonicalize.c     	1970-01-01 00:00:00.000000000 +0000
+++ stdlib/canonicalize.c	2017-12-31 12:00:00.000000000 +0000
@@ -118,8 +118,17 @@
       else if (end - start == 2 && start[0] == '.' && start[1] == '.')
 	{
 	  /* Back up to previous component, ignore if at root already.  */
-	  if (dest > rpath + 1)
-	    while ((--dest)[-1] != '/');
+          dest--;
+          while ((dest != rpath) && (*--dest != '/'));
+          if ((dest == rpath) && (*dest != '/')) {
+            /* Return EACCES to stay compliant to current documentation:
+            "Read or search permission was denied for a component of the
+            path prefix." Unreachable root directories should not be
+            accessed, see https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/ */
+            __set_errno (EACCES);
+            goto error;
+          }
+          dest++;
 	}
       else
 	{