Buffer overflows in Plex Commercial Skipper

Server Version#: ALL
I tried to reach out to your bug bounty, but you ignored me.

>>> Source unpacked in /var/tmp/portage/media-tv/Comskip-0_p20250418/work
>>> Preparing source in /var/tmp/portage/media-tv/Comskip-0_p20250418/work/Comskip-0_p20250418 ...
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/media-tv/Comskip-0_p20250418/work/Comskip-0_p20250418 ...
Preparing the Comskip build system...please wait

<snip>
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6518:39: warning: [-Wformat-overflow=]
 6518 |                 sprintf(tempstr, "%s%c%s", cwd, PATH_SEPARATOR, inbasename);
      |                                       ^~                        ~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6518:17:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 2 and 512 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6532:30: warning: [-Wformat-overflow=]
 6532 |         sprintf(filename, "%s.Xcl", mpegfilename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6532:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6547:30: warning: [-Wformat-overflow=]
 6547 |         sprintf(filename, "%s.avs", mpegfilename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6547:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6566:30: warning: [-Wformat-overflow=]
 6566 |         sprintf(filename, "%s.wme", outbasename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6566:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6582:30: warning: [-Wformat-overflow=]
 6582 |         sprintf(filename, "%s.mls", outbasename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6582:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6604:30: warning: [-Wformat-overflow=]
 6604 |         sprintf(filename, "%s_mpgtx.bat", outbasename);
      |                              ^~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6604:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 11 and 266 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6621:30: warning: [-Wformat-overflow=]
 6621 |         sprintf(filename, "%s_dvrcut.bat", outbasename);
      |                              ^~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6621:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 12 and 267 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6640:30: warning: [-Wformat-overflow=]
 6640 |         sprintf(filename, "%s.xml", outbasename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6640:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6656:30: warning: [-Wformat-overflow=]
 6656 |         sprintf(filename, "%s_mpeg2schnitt.bat", inbasename);
      |                              ^~~~~~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6656:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 18 and 273 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6697:38: warning: [-Wformat-overflow=]
 6697 |                 sprintf(filename, "%s.mkvtoolnix.chapters", outbasename);
      |                                      ^~~~~~~~~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6697:3:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 21 and 276 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OpenOutputFiles’:
comskip.c:6745:38: warning: [-Wformat-overflow=]
 6745 |                 sprintf(filename, "%s.mkvtoolnix.tags", outbasename);
      |                                      ^~~~~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘OpenOutputFiles’ at comskip.c:6745:3:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 17 and 272 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘FindString’:
comskip.c:8354:31: warning: [-Wformat-overflow=]
 8354 |             sprintf(tmp, "%s\"%s\"\n", str2, foundText);
      |                               ^~             ~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘FindString’ at comskip.c:8354:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output 4 or more bytes (assuming 1027) into a destination of size 255
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘AddXDS’:
comskip.c:14840:25: warning: [-Wstringop-truncation]
14840 |                         strncpy(XDS_block[XDS_block_count].name, (const char*) &XDSbuf[2], n);
      |                         ^
comskip.c: In function ‘OutputBlocks’:
comskip.c:7687:30: warning: [-Wformat-overflow=]
 7687 |         sprintf(filename, "%s.VPrj", outbasename);
      |                              ^~~~~
In function ‘sprintf’,
    inlined from ‘OutputBlocks’ at comskip.c:7687:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 6 and 261 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OutputBlocks’:
comskip.c:7701:30: warning: [-Wformat-overflow=]
 7701 |         sprintf(filename, "%s.VPrj", outbasename);
      |                              ^~~~~
In function ‘sprintf’,
    inlined from ‘OutputBlocks’ at comskip.c:7701:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 6 and 261 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘OutputBlocks’:
comskip.c:7803:30: warning: [-Wformat-overflow=]
 7803 |         sprintf(filename, "%s.tun", workbasename);
      |                              ^~~~
In function ‘sprintf’,
    inlined from ‘OutputBlocks’ at comskip.c:7803:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildMasterCommList.part.0’:
comskip.c:4657:30: warning: [-Wformat-overflow=]
 4657 |             sprintf(temp, "%s.ccno", workbasename);
      |                              ^~~~~
In function ‘sprintf’,
    inlined from ‘BuildMasterCommList.part.0’ at comskip.c:4657:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 6 and 261 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildMasterCommList.part.0’:
comskip.c:4660:30: warning: [-Wformat-overflow=]
 4660 |             sprintf(temp, "%s.ccyes", workbasename);
      |                              ^~~~~~
In function ‘sprintf’,
    inlined from ‘BuildMasterCommList.part.0’ at comskip.c:4660:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 7 and 262 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildMasterCommList.part.0’:
comskip.c:4649:30: warning: [-Wformat-overflow=]
 4649 |             sprintf(temp, "%s.ccyes", workbasename);
      |                              ^~~~~~
In function ‘sprintf’,
    inlined from ‘BuildMasterCommList.part.0’ at comskip.c:4649:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 7 and 262 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildMasterCommList.part.0’:
comskip.c:4652:30: warning: [-Wformat-overflow=]
 4652 |             sprintf(temp, "%s.ccno", workbasename);
      |                              ^~~~~
In function ‘sprintf’,
    inlined from ‘BuildMasterCommList.part.0’ at comskip.c:4652:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 6 and 261 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildCommListAsYouGo’:
comskip.c:16116:38: warning: [-Wformat-overflow=]
16116 |                 sprintf(filename, "%s.edl", outbasename);
      |                                      ^~~~
In function ‘sprintf’,
    inlined from ‘BuildCommListAsYouGo’ at comskip.c:16116:17:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 255
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildCommListAsYouGo’:
comskip.c:16131:38: warning: [-Wformat-overflow=]
16131 |                 sprintf(filename, "%s.live", outbasename);
      |                                      ^~~~~
In function ‘sprintf’,
    inlined from ‘BuildCommListAsYouGo’ at comskip.c:16131:17:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 6 and 261 bytes into a destination of size 255
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildCommListAsYouGo’:
comskip.c:16147:38: warning: [-Wformat-overflow=]
16147 |                 sprintf(filename, "%s.xml", outbasename);
      |                                      ^~~~
In function ‘sprintf’,
    inlined from ‘BuildCommListAsYouGo’ at comskip.c:16147:17:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 255
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘BuildCommListAsYouGo’:
comskip.c:16256:38: warning: [-Wformat-overflow=]
16256 |                 sprintf(filename, "%s.incommercial", workbasename);
      |                                      ^~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘BuildCommListAsYouGo’ at comskip.c:16256:17:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 14 and 269 bytes into a destination of size 255
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘dump_audio_start’:
comskip.c:16447:26: warning: [-Wformat-overflow=]
16447 |         sprintf(temp, "%s.mp2", workbasename);
      |                          ^~~~
In function ‘sprintf’,
    inlined from ‘dump_audio_start’ at comskip.c:16447:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘dump_video_start’:
comskip.c:16469:26: warning: [-Wformat-overflow=]
16469 |         sprintf(temp, "%s.m2v", workbasename);
      |                          ^~~~
In function ‘sprintf’,
    inlined from ‘dump_video_start’ at comskip.c:16469:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘LoadSettings’:
comskip.c:9160:39: warning: [-Wformat-overflow=]
 9160 |             sprintf(inifilename, "%s%ccomskip.ini", HomeDir, PATH_SEPARATOR);
      |                                       ^~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9160:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 13 and 268 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘LoadSettings’:
comskip.c:9163:35: warning: [-Wformat-overflow=]
 9163 |         sprintf(exefilename, "%s%ccomskip.exe", HomeDir, PATH_SEPARATOR);
      |                                   ^~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9163:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 13 and 268 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘LoadSettings’:
comskip.c:9164:36: warning: [-Wformat-overflow=]
 9164 |         sprintf(dictfilename, "%s%ccomskip.dictionary", HomeDir, PATH_SEPARATOR);
      |                                    ^~~~~~~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9164:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 20 and 275 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘dump_audio_start’:
comskip.c:16447:26: warning: [-Wformat-overflow=]
16447 |         sprintf(temp, "%s.mp2", workbasename);
      |                          ^~~~
In function ‘sprintf’,
    inlined from ‘dump_audio_start’ at comskip.c:16447:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘dump_video_start’:
comskip.c:16469:26: warning: [-Wformat-overflow=]
16469 |         sprintf(temp, "%s.m2v", workbasename);
      |                          ^~~~
In function ‘sprintf’,
    inlined from ‘dump_video_start’ at comskip.c:16469:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 5 and 260 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
mv -f .deps/comskip-comskip.Tpo .deps/comskip-comskip.Po
comskip.c: In function ‘LoadSettings’:
comskip.c:9160:39: warning: [-Wformat-overflow=]
 9160 |             sprintf(inifilename, "%s%ccomskip.ini", HomeDir, PATH_SEPARATOR);
      |                                       ^~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9160:13:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 13 and 268 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘LoadSettings’:
comskip.c:9163:35: warning: [-Wformat-overflow=]
 9163 |         sprintf(exefilename, "%s%ccomskip.exe", HomeDir, PATH_SEPARATOR);
      |                                   ^~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9163:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 13 and 268 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
comskip.c: In function ‘LoadSettings’:
comskip.c:9164:36: warning: [-Wformat-overflow=]
 9164 |         sprintf(dictfilename, "%s%ccomskip.dictionary", HomeDir, PATH_SEPARATOR);
      |                                    ^~~~~~~~~~~~~~~~~~
In function ‘sprintf’,
    inlined from ‘LoadSettings’ at comskip.c:9164:9:
/usr/include/bits/stdio2.h:30:10: note: ‘__builtin___sprintf_chk’ output between 20 and 275 bytes into a destination of size 256
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
mv -f .deps/comskip_gui-comskip.Tpo .deps/comskip_gui-comskip.Po
 * ERROR: media-tv/Comskip-0_p20250418::om failed (compile phase):
 *   emake failed
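Every warning in the log above flags the same pattern: sprintf() of a name plus a fixed suffix into a 256-byte array, where a 255-character name already fills the destination on its own. As an added illustration (not Comskip's or Plex's code; the buffer size matches the warnings, the names and lengths are constructed), here is a bounded replacement that refuses a result that does not fit instead of truncating or writing past the array:

```c
/* Added example, not code from the Comskip project. Shows a bounded
 * replacement for the sprintf(out, "%s.m2v", base) pattern GCC reports. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 256   /* same destination size as in the warnings above */

/* Joins base + suffix into dst. Returns 0 on success; returns -1 and
 * leaves dst as an empty string when the result (including NUL) would
 * not fit, so a silently truncated path is never used downstream. */
static int join_name(char *dst, size_t dstsz, const char *base, const char *suffix)
{
    if (dstsz == 0)
        return -1;
    int n = snprintf(dst, dstsz, "%s%s", base, suffix);
    if (n < 0 || (size_t)n >= dstsz) {   /* n counts what sprintf WOULD write */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Demo helper: builds a constructed base of base_len 'a' characters,
 * joins it with suffix into a NAME_LEN buffer, returns join_name()'s
 * status (-2 if the requested base itself would not fit a NAME_LEN array). */
static int try_join(size_t base_len, const char *suffix)
{
    char base[NAME_LEN];
    char out[NAME_LEN];
    if (base_len >= NAME_LEN)
        return -2;
    memset(base, 'a', base_len);
    base[base_len] = '\0';
    return join_name(out, sizeof out, base, suffix);
}

int main(void)
{
    char out[NAME_LEN];
    printf("short name: %d -> %s\n", join_name(out, sizeof out, "show", ".m2v"), out);
    /* 251 + 4 + NUL = 256: the largest name that still fits */
    printf("251-char base + .m2v: %d\n", try_join(251, ".m2v"));
    /* 255-char base: the case the old sprintf() would overrun by 4 bytes */
    printf("255-char base + .m2v: %d (refused)\n", try_join(255, ".m2v"));
    return 0;
}
```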

I’m assuming you sent this to security@plex.tv as outlined here: https://support.plex.tv/articles/reporting-security-issues/ ?

When was your report submitted and does it demonstrate a clear reproducible security concern?

Low quality reports might be ignored if they don’t include clear steps, impact and proof of concept code. If you feel your initial report satisfies this then feel free to DM me with the original report and I’ll bring it up with the security team.

Yes, I responded there and was ignored. Please update this to work with the new ffmpeg.

You haven’t answered this yet.

Maybe go through your own info.

Is this fixed in the update?

I think this is five updates since I made this public.

You haven’t provided enough information to be actionable. Please resubmit to security@plex.tv and be sure to follow the requirements outlined in https://support.plex.tv/articles/reporting-security-issues/.

Feel free to DM me or @drzoidberg33 with clear reproducible steps. We are willing to address your concerns but you need to provide reproducible steps. Help us help you.

Are you denying a problem when you can clearly see issues?

I’m not denying anything. You haven’t clearly identified what the issue is and how to reproduce it. Stating “You have an issue, go find it” is not helpful. If you are seeing an issue, properly report it with logs and steps to reproduce it. Again, help us help you.

Is this fixed, yet? Your company is sending out emails to update.

If the issue is related to our commercial skipper, can you please do the following:

  1. Confirm server DEBUG logging is enabled and VERBOSE logging is disabled. SAVE if changed.
  2. Restart PMS
  3. Give it two minutes to start and stabilize
  4. Start a recording
  5. Let the recording finish
  6. Let the commercial skipper finish
  7. Download the server logs
  8. Attach the logs so I may see them

If you have any previously recorded videos, depending on your server and/or library settings, you can either manually trigger the commercial skipper by Analyzing the video, or by re-adding the video, or by performing a Plex Dance. More information about the commercial skipper can be found here.

You would know if you updated this. It’s not compatible with the newest ffmpeg.

Can you please describe what the issue is that you’re seeing?

When I compile the OSS you stripmined, my compiler fuzzing reveals buffer overflows.

I’m not sure I understand. What are you compiling and how? There should not be anything to compile. Our server installers can be found here.

and they contain https://github.com/erikkaashoek/Comskip which is insecure.

It’s still not clear what the problem is. There shouldn’t be anything that needs to be compiled. This sounds like something outside the scope of what we can provide support for. If you could provide detailed steps of what it is you’re doing, it would be helpful with determining whether we can or cannot provide support.

You don’t even keep track of your software dependencies? What do you think Plex Commercial Skipper is? You don’t seriously think you guys wrote it, do you?