The code was previously using (status >> 8) & PTRACE_EVENT_FORK to check for
a fork event, but the event is in (status >> 16), and PTRACEEVENT* is an
enumeration, not a bit mask. What was actually being tested was the low bit of
the signal, which was always set (since SIGTRAP is 5).
Presumably the old code was working fine because the child PID is only used
immediately after a fork call, but this event handling is more correct.
The code was previously using (status >> 8) & PTRACE_EVENT_FORK to check for a fork event, but the event is in (status >> 16), and PTRACEEVENT* is an enumeration, not a bit mask. What was actually being tested was the low bit of the signal, which was always set (since SIGTRAP is 5).
Presumably the old code was working fine because the child PID is only used immediately after a fork call, but this event handling is more correct.