I found this issue [in Nixpkgs](https://github.com/NixOS/nixpkgs/pull/161115#issuecomment-1113997146) 2 years ago and made a [downstream fix](https://github.com/NixOS/nixpkgs/pull/188038). After some recent reflection, I think it should be reported here. Sorry for being so late.
In this case, `scriptlet-shell` was set to `${runtimeShell}`, which was a very long path like `/nix/store/agkxax48k35wdmkhmmija2i2sxg8i7ny-bash-5.2p26/bin/bash`, causing a buffer overflow when pacman tried to run an install scriptlet. The downstream fix was leaving `scriptlet-shell` as default, because setting it to `${runtimeShell}` also makes pacman unable to run scriptlets in an Arch-like chroot without `/nix/store`, even if it doesn't crash pacman.
I have no idea whether there is a real use case that requires such a long scriptlet shell path. Even if not, there should at least be a build-time check that throws an error when it is too long, rather than causing a runtime buffer overflow.
By now, I can still reproduce this issue with the following nix expression and commands:
```nix
# pacstrap-buffer-overflow.nix
# The angle brackets around nixpkgs are required; they were lost in extraction.
{ pkgs ? import <nixpkgs> {} }:
pkgs.arch-install-scripts.override {
  pacman = pkgs.pacman.overrideAttrs (old: {
    mesonFlags = old.mesonFlags ++ [
      "-Dscriptlet-shell=${pkgs.runtimeShell}"
    ];
  });
}
```
```command
$ nix-build pacstrap-buffer-overflow.nix
$ mkdir test
$ ./result/bin/pacstrap -Nc test
```
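The build-time check suggested above, as an added illustration that is not pacman's code: a `_Static_assert` rejects an over-long compiled-in `SCRIPTLET_SHELL` at compile time, and a bounds-checked copy rejects an over-long path at runtime instead of overflowing. `SHELL_PATH_MAX`, `SCRIPTLET_SHELL` and the function names are assumptions chosen for the example; pacman's real buffer size is not known from this report.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size buffer for the scriptlet shell path.
 * This is NOT pacman's real buffer size; it is chosen so that the
 * 64-byte /nix/store path from the report does not fit with its NUL. */
#define SHELL_PATH_MAX 64

/* Value a build system would inject (cf. -Dscriptlet-shell=...).
 * The default here is a constructed example, not pacman's default. */
#ifndef SCRIPTLET_SHELL
#define SCRIPTLET_SHELL "/bin/sh"
#endif

/* Build-time check: a too-long configured path fails the compile
 * instead of overflowing a buffer when the first scriptlet runs. */
_Static_assert(sizeof(SCRIPTLET_SHELL) <= SHELL_PATH_MAX,
               "scriptlet-shell path is too long for SHELL_PATH_MAX");

/* Runtime counterpart for paths supplied later (e.g. from a config
 * file). Returns 0 on success; -1 if path plus its NUL does not fit,
 * in which case dst is left untouched rather than truncated. */
int set_scriptlet_shell(char dst[SHELL_PATH_MAX], const char *path)
{
    /* Only the first SHELL_PATH_MAX bytes are scanned for the NUL. */
    const char *nul = memchr(path, '\0', SHELL_PATH_MAX);
    if (nul == NULL) {
        return -1; /* no terminator within the buffer size: reject */
    }
    memcpy(dst, path, (size_t)(nul - path) + 1); /* includes the NUL */
    return 0;
}

/* Convenience predicate: 1 if the path would be accepted, else 0. */
int scriptlet_shell_fits(const char *path)
{
    char tmp[SHELL_PATH_MAX];
    return set_scriptlet_shell(tmp, path) == 0;
}

int main(void)
{
    /* The store path quoted in the report: 64 bytes, 65 with the NUL. */
    const char *nix_bash =
        "/nix/store/agkxax48k35wdmkhmmija2i2sxg8i7ny-bash-5.2p26/bin/bash";
    printf("%s -> %s\n", SCRIPTLET_SHELL,
           scriptlet_shell_fits(SCRIPTLET_SHELL) ? "accepted" : "rejected");
    printf("%s -> %s\n", nix_bash,
           scriptlet_shell_fits(nix_bash) ? "accepted" : "rejected");
    return 0;
}
```

Compiling with `-DSCRIPTLET_SHELL='"/nix/store/agkxax48k35wdmkhmmija2i2sxg8i7ny-bash-5.2p26/bin/bash"'` makes the `_Static_assert` fire, which is the build-time error the report asks for.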