diff -up audit-3.1.5/lib/libaudit.c.orig audit-3.1.5/lib/libaudit.c
--- audit-3.1.5/lib/libaudit.c.orig	2025-02-11 12:11:17.529016934 +0100
+++ audit-3.1.5/lib/libaudit.c	2025-02-11 12:13:51.206171338 +0100
@@ -1516,37 +1516,35 @@ static char* filter_supported_syscalls(c
 		return NULL;
 	}
 
-	// Allocate memory for the filtered syscalls string
-	char* filtered_syscalls = malloc(strlen(syscalls) + 1);
-	if (filtered_syscalls == NULL) {
-		return NULL;
-	}
-	filtered_syscalls[0] = '\0'; // Initialize as empty string
-
-	// Tokenize the syscalls string and filter unsupported syscalls
+	char buf[512] = "";
+	char* ptr = buf;
 	const char* delimiter = ",";
+
 	char* syscalls_copy = strdup(syscalls);
-	if (syscalls_copy == NULL) {
-		free(filtered_syscalls);
+	if (syscalls_copy == NULL)
 		return NULL;
-	}
+
 	char* token = strtok(syscalls_copy, delimiter);
+	int first = 1; // Track if this is the first syscall being added
+
 	while (token != NULL) {
 		if (audit_name_to_syscall(token, machine) != -1) {
-			strcat(filtered_syscalls, token);
-			strcat(filtered_syscalls, delimiter);
+			if (!first)
+				*ptr++ = ',';
+			ptr = stpcpy(ptr, token);
+			first = 0;
 		}
 		token = strtok(NULL, delimiter);
 	}
+
 	free(syscalls_copy);
 
-	// Remove the trailing delimiter, if present
-	size_t len = strlen(filtered_syscalls);
-	if (len > 0 && filtered_syscalls[len - 1] == ',') {
-		filtered_syscalls[len - 1] = '\0';
+	// If no valid syscalls were found, return NULL
+	if (ptr == buf) {
+		return NULL;
 	}
 
-	return filtered_syscalls;
+	return strdup(buf);
 }
 
 static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)