From 80cd65d34776cb16f606232e8bdc425cae85dfa4 Mon Sep 17 00:00:00 2001
From: Gauvain 'GovanifY' Roussel-Tarbouriech
Date: Mon, 29 Mar 2021 14:58:45 +0200
Subject: [PATCH] ipc: remove possible memory corruption due to strcat on provided pointer
---
 pcsx2/IPC.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/pcsx2/IPC.cpp b/pcsx2/IPC.cpp
index 59b720248e..a3ac6492a4 100644
--- a/pcsx2/IPC.cpp
+++ b/pcsx2/IPC.cpp
@@ -76,17 +76,22 @@ SocketIPC::SocketIPC(SysCoreThread* vm, unsigned int slot)
 }
 #else
+ char* runtime_dir = nullptr;
 #ifdef __APPLE__
- char* runtime_dir = std::getenv("TMPDIR");
+ runtime_dir = std::getenv("TMPDIR");
 #else
- char* runtime_dir = std::getenv("XDG_RUNTIME_DIR");
+ runtime_dir = std::getenv("XDG_RUNTIME_DIR");
 #endif
 // fallback in case macOS or other OSes don't implement the XDG base
 // spec
- if (runtime_dir == NULL)
+ if (runtime_dir == nullptr)
 m_socket_name = (char*)"/tmp/" IPC_EMULATOR_NAME ".sock";
 else
- m_socket_name = strcat(runtime_dir, "/" IPC_EMULATOR_NAME ".sock");
+ {
+ m_socket_name = new char[strlen(runtime_dir) + strlen("/" IPC_EMULATOR_NAME ".sock") + 1];
+ strcpy(m_socket_name, runtime_dir);
+ strcat(m_socket_name, "/" IPC_EMULATOR_NAME ".sock");
+ }
 if (slot != IPC_DEFAULT_SLOT)
 {
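Review bot: After this change `m_socket_name` points either at a string literal (the `(char*)"/tmp/" ...` branch) or at a `new char[]` buffer (the new `else` branch), so no single cleanup is correct: `delete[]` would be undefined on the literal, and skipping it leaks the heap copy. Building the path in an owning string removes both the manual size arithmetic and the ownership question, e.g. `std::string path = runtime_dir ? std::string(runtime_dir) + "/" IPC_EMULATOR_NAME ".sock" : "/tmp/" IPC_EMULATOR_NAME ".sock";`, with the member holding that string or a copy allocated the same way in both branches. The length of the environment-derived directory is also unbounded here; if the name is later copied into a fixed-size socket address field (not visible in this hunk), it should be length-checked and rejected before that copy. The constructor body starts and continues outside the hunk, so the later uses of `m_socket_name` could not be checked.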