diff --git a/0045-fix-some-GCC-fanalyzer-warnings.patch b/0045-fix-some-GCC-fanalyzer-warnings.patch
new file mode 100644
index 0000000..e4acf48
--- /dev/null
+++ b/0045-fix-some-GCC-fanalyzer-warnings.patch
@@ -0,0 +1,113 @@
+From d43411406bb9f37968ea71c11863f485db824b23 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Tue, 24 Dec 2024 15:37:35 -0800
+Subject: [PATCH 1/4] fix some GCC fanalyzer warnings
+
+-Wfanalyzer complains about null pointer dereferences. Check for them.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ placement.c        |  2 +-
+ ui/irqbalance-ui.c | 15 ++++++++-------
+ ui/ui.c            | 17 +++++++++++++----
+ 3 files changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/placement.c b/placement.c
+index 3276dea..0fa4af1 100644
+--- a/placement.c
++++ b/placement.c
+@@ -67,7 +67,7 @@ static void find_best_object(struct topo_obj *d, void *data)
+ 		best->best = d;
+ 		best->best_cost = newload;
+ 	} else if (newload == best->best_cost) {
+-		if (g_list_length(d->interrupts) < g_list_length(best->best->interrupts)) {
++		if (!best->best || g_list_length(d->interrupts) < g_list_length(best->best->interrupts)) {
+ 			best->best = d;
+ 		}
+ 	}
+diff --git a/ui/irqbalance-ui.c b/ui/irqbalance-ui.c
+index 4a6832a..9ed25e1 100644
+--- a/ui/irqbalance-ui.c
++++ b/ui/irqbalance-ui.c
+@@ -214,17 +214,18 @@ out: {
+ GList * concat_child_lists(cpu_node_t *node)
+ {
+ 	GList *new = NULL;
++	GList *cpu_entry;
+ 	GList *child_entry = g_list_first(node->children);
+-	do {
++	while (child_entry) {
+ 		cpu_node_t *child = (cpu_node_t *)child_entry->data;
+-		GList *cpu_entry = g_list_first(child->cpu_list);
+-		do {
++		cpu_entry = g_list_first(child->cpu_list);
++		while (cpu_entry) {
+ 			uint64_t *cpu = (uint64_t *)cpu_entry->data;
+ 			new = g_list_append(new, cpu);
+ 			cpu_entry = g_list_next(cpu_entry);
+-		} while(cpu_entry != NULL);
++		};
+ 		child_entry = g_list_next(child_entry);
+-	} while(child_entry != NULL);
++	}
+ 
+ 	return new;
+ }
+@@ -253,11 +254,11 @@ void assign_cpu_mask(cpu_node_t *node, void *data __attribute__((unused)))
+ 	mask[0] = '\0';
+ 	unsigned int sum = 0;
+ 	GList *list_entry = g_list_first(node->cpu_list);
+-	do {
++	while (list_entry) {
+ 		int *cpu = list_entry->data;
+ 		sum += 1 << (*cpu);
+ 		list_entry = g_list_next(list_entry);
+-	} while(list_entry != NULL);
++	};
+ 	snprintf(mask, 15, "0x%x", sum);
+ 	node->cpu_mask = mask;
+ 
+diff --git a/ui/ui.c b/ui/ui.c
+index 8325bcd..b716f3b 100644
+--- a/ui/ui.c
++++ b/ui/ui.c
+@@ -210,12 +210,16 @@ void display_banned_cpus(void)
+ 
+ int toggle_cpu(GList *cpu_list, int cpu_number)
+ {
++	cpu_ban_t *entry_data;
++
+ 	GList *entry = g_list_first(cpu_list);
+-	cpu_ban_t *entry_data = (cpu_ban_t *)(entry->data);
+-	while(entry_data->number != cpu_number) {
+-		entry = g_list_next(entry);
++	while (entry) {
+ 		entry_data = (cpu_ban_t *)(entry->data);
++		if (entry_data && entry_data->number == cpu_number)
++			break;
++		entry = g_list_next(entry);
+ 	}
++
+ 	if(((cpu_ban_t *)(entry->data))->is_banned) {
+ 		((cpu_ban_t *)(entry->data))->is_banned = 0;
+ 	} else {
+@@ -522,10 +526,15 @@ int toggle_irq(GList *irq_list, int position)
+ {
+ 	GList *entry = g_list_first(irq_list);
+ 	int irq_node = 0;
+-	while(irq_node != position) {
++
++	while(entry && irq_node != position) {
+ 		entry = g_list_next(entry);
+ 		irq_node++;
+ 	}
++
++	if (!entry)
++		return -1;
++
+ 	if(((irq_t *)(entry->data))->is_banned) {
+ 		((irq_t *)(entry->data))->is_banned = 0;
+ 	} else {
+-- 
+2.47.0
+
diff --git a/0046-Check-API-command-length-allow-up-to-16384.patch b/0046-Check-API-command-length-allow-up-to-16384.patch
new file mode 100644
index 0000000..735d581
--- /dev/null
+++ b/0046-Check-API-command-length-allow-up-to-16384.patch
@@ -0,0 +1,47 @@
+From 105b155545e00560a55d34b160324910586ae74c Mon Sep 17 00:00:00 2001
+From: Etienne Champetier <e.champetier@ateme.com>
+Date: Thu, 30 Jan 2025 15:20:31 -0500
+Subject: [PATCH 2/4] Check API command length, allow up to 16384
+
+When using the API to ban cpus or irqs, the command can easily be longer
+than 500, so increase the buffer to 16384, which fits ~3250 cpus
+or irqs, and add a check to log and exit if it is still not enough.
+
+Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
+---
+ irqbalance.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/irqbalance.c b/irqbalance.c
+index 6422a7b..f80244c 100644
+--- a/irqbalance.c
++++ b/irqbalance.c
+@@ -400,12 +400,12 @@ void get_object_stat(struct topo_obj *object, void *data)
+ #ifdef HAVE_IRQBALANCEUI
+ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attribute__((unused)))
+ {
+-	char buff[500];
++	char buff[16384];
+ 	int sock;
+ 	int recv_size = 0;
+ 	int valid_user = 0;
+ 
+-	struct iovec iov = { buff, 500 };
++	struct iovec iov = { buff, sizeof(buff) };
+ 	struct msghdr msg = {
+ 		.msg_iov = &iov,
+ 		.msg_iovlen = 1,
+@@ -426,6 +426,10 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
+ 			log(TO_ALL, LOG_WARNING, "Error while receiving data.\n");
+ 			goto out_close;
+ 		}
++		if (recv_size == sizeof(buff)) {
++			log(TO_ALL, LOG_WARNING, "Received command too long.\n");
++			goto out_close;
++		}
+ 		cmsg = CMSG_FIRSTHDR(&msg);
+ 		if (!cmsg) {
+ 			log(TO_ALL, LOG_WARNING, "Connection no memory.\n");
+-- 
+2.47.0
+
diff --git a/0047-check_platform_device-Check-the-length-of-path.patch b/0047-check_platform_device-Check-the-length-of-path.patch
new file mode 100644
index 0000000..23d6a68
--- /dev/null
+++ b/0047-check_platform_device-Check-the-length-of-path.patch
@@ -0,0 +1,32 @@
+From d602002e1982a322d19034a4a64ca5a81bace7ef Mon Sep 17 00:00:00 2001
+From: Tao Liu <ltao@redhat.com>
+Date: Tue, 25 Feb 2025 16:35:34 +1300
+Subject: [PATCH 3/4] check_platform_device: Check the length of path
+
+The default length of path is 512, but the strcat() is used without
+check if path is overflowed, otherwise a segfault is observed on
+some aarch64 machines. This patch will use snprintf instead of strcat
+for the buffer length checking.
+
+Signed-off-by: Tao Liu <ltao@redhat.com>
+---
+ procinterrupts.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/procinterrupts.c b/procinterrupts.c
+index 4d04bf2..e82fac7 100644
+--- a/procinterrupts.c
++++ b/procinterrupts.c
+@@ -72,7 +72,8 @@ static int check_platform_device(char *name, struct irq_info *info)
+ 	memset(path, 0, 512);
+ 
+ 	strcat(path, "/sys/devices/platform/");
+-	strcat(path, name);
++	snprintf(path + strlen(path), sizeof(path) - strlen(path) - 1,
++		"%s", name);
+ 	strcat(path, "/");
+ 	dirfd = opendir(path);
+ 
+-- 
+2.47.0
+
diff --git a/0048-Fix-the-wrong-string-existence-checking-condition.patch b/0048-Fix-the-wrong-string-existence-checking-condition.patch
new file mode 100644
index 0000000..881c5ff
--- /dev/null
+++ b/0048-Fix-the-wrong-string-existence-checking-condition.patch
@@ -0,0 +1,41 @@
+From ffa304a885fdafaf233510baa0017ceaa1349e96 Mon Sep 17 00:00:00 2001
+From: Tao Liu <ltao@redhat.com>
+Date: Fri, 7 Mar 2025 16:08:47 +1300
+Subject: [PATCH 4/4] Fix the wrong string existence checking condition
+
+Commit da75aae4effd ("conver strncmp to g_str_has_prefix") introduced an error
+which reversed the string existence checking condition.
+
+Before that commit, the check condition is:
+  (strncmp(name, "Level", len) == 0 || strncmp(name, "Edge", len) == 0)
+
+After that commit, the check condition is equal to:
+  (strncmp(name, "Level", len) != 0 || strncmp(name, "Edge", len) != 0)
+
+This is unexpected and let's fixe this error.
+
+Signed-off-by: Tao Liu <ltao@redhat.com>
+---
+ procinterrupts.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/procinterrupts.c b/procinterrupts.c
+index e82fac7..8303ad3 100644
+--- a/procinterrupts.c
++++ b/procinterrupts.c
+@@ -172,9 +172,9 @@ void init_irq_class_and_type(char *savedline, struct irq_info *info, int irq)
+ 		 * /proc/interrupts format defined, after of interrupt type
+ 		 * the reset string is mark the irq desc name.
+ 		 */
+-		if (!g_str_has_prefix(irq_name, "Level") ||
+-                                !g_str_has_prefix(irq_name, "Edge"))
+-                        break;
++		if (g_str_has_prefix(irq_name, "Level") ||
++				g_str_has_prefix(irq_name, "Edge"))
++			break;
+ #endif
+ 	}
+ 
+-- 
+2.47.0
+
diff --git a/irqbalance.spec b/irqbalance.spec
index dba4523..9e12075 100644
--- a/irqbalance.spec
+++ b/irqbalance.spec
@@ -1,6 +1,6 @@
 Name:           irqbalance
 Version:        1.9.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 Epoch:          2
 Summary:        IRQ balancing daemon
 
@@ -68,6 +68,11 @@ Patch45: 0044-Use-EPERM-instead-of-EIO-when-try-setting-irq-affini.patch
 Patch46: irqbalance-1.9.0-environment-file-sysconfig.patch
 Patch47: irqbalance-manual.patch
 
+Patch48: 0045-fix-some-GCC-fanalyzer-warnings.patch
+Patch49: 0046-Check-API-command-length-allow-up-to-16384.patch
+Patch50: 0047-check_platform_device-Check-the-length-of-path.patch
+Patch51: 0048-Fix-the-wrong-string-existence-checking-condition.patch
+
 %description
 irqbalance is a daemon that evenly distributes IRQ load across
 multiple CPUs for enhanced performance.
@@ -111,6 +116,9 @@ make check
 %systemd_postun_with_restart irqbalance.service
 
 %changelog
+* Mon Mar 10 2025 Tao Liu <ltao@redhat.com> - 2:1.9.4-3
+- Rebase to upstream commit (be5e3b8db2)
+
 * Wed Nov 6 2024 Tao Liu <ltao@redhat.com> - 2:1.9.4-2
 - Release 1.9.4-2
 - Rebase to upstream commit (b4b6f194da)