In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) libary function.