From 39a0f4a1a700e25dc233f5f365320382874db5be Mon Sep 17 00:00:00 2001
From: chichina <50291063+chichina@users.noreply.github.com>
Date: Tue, 25 Apr 2023 15:12:51 +0800
Subject: [PATCH] Fix failed to run execsnoop (#28)

* Update README.md
without having initialised it, the verifier complains, because reading uninitialised memory from the kernel introduces a security risk.
* Update execsnoop.bpf.c
without having initialised it, the verifier complains, because reading uninitialised memory from the kernel introduces a security risk.
---
 src/7-execsnoop/README.md | 2 +-
 src/7-execsnoop/execsnoop.bpf.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/7-execsnoop/README.md b/src/7-execsnoop/README.md
index e38b02c..8330cb9 100644
--- a/src/7-execsnoop/README.md
+++ b/src/7-execsnoop/README.md
@@ -52,7 +52,7 @@ int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter* ctx
 {
 u64 id;
 pid_t pid, tgid;
- struct event event;
+ struct event event={0};
 struct task_struct *task;
 uid_t uid = (u32)bpf_get_current_uid_gid();
diff --git a/src/7-execsnoop/execsnoop.bpf.c b/src/7-execsnoop/execsnoop.bpf.c
index 4ea9978..50544fb 100644
--- a/src/7-execsnoop/execsnoop.bpf.c
+++ b/src/7-execsnoop/execsnoop.bpf.c
@@ -15,7 +15,7 @@ int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter* ctx
 {
 u64 id;
 pid_t pid, tgid;
- struct event event;
+ struct event event={0};
 struct task_struct *task;
 uid_t uid = (u32)bpf_get_current_uid_gid();
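Review bot: The `={0}` initializer on `struct event event` in the execsnoop.bpf.c hunk may leave padding bytes uninitialised, because C only guarantees that the named members are zeroed by an aggregate initializer. The definition of struct event and the code that emits it are outside this hunk, so this is conditional: if the struct has padding holes and is later copied to user space, the verifier can still reject the stack read, or stale kernel stack bytes can be exposed. Keeping the declaration as `struct event event;` and adding `__builtin_memset(&event, 0, sizeof(event));` before the first use clears the whole object, padding included. The body of tracepoint__syscalls__sys_enter_execve continues past the end of the hunk, so the emit path should be checked against the struct layout.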