
The program runs up to the getsockname where the return is -1 and errno is 9 (EBADF, bad file descriptor). However, the code instrumented in Android app goes well.

#include <sys/socket.h>
#include <sys/un.h>
/* CPUState and DECAF_printf come from the DECAF/QEMU plugin headers this hook is
   built into; those headers are not shown in the question. */

void sysLibCSendHookHandler(CPUState* env, int isStart){
    if(isStart){
        /* send(fd, buf, len, flags): arguments read from the guest registers */
        int fd = env->regs[0];
        int buf = env->regs[1];
        int len = env->regs[2];
        int flags = env->regs[3];
        DECAF_printf("xxxxx send(%d, %p, %d, %d)\n", fd, buf, len, flags);
        extern int errno;   /* declared by hand instead of via <errno.h> */
        struct sockaddr_un sock_addr;
        socklen_t sock_addr_len;
        sock_addr_len = sizeof(sock_addr);
        /* t is -1 on failure; this is where the question sees errno == 9 (EBADF) */
        int t = getsockname(fd, (struct sockaddr*)&sock_addr, &sock_addr_len);
        DECAF_printf("fd:%d",fd);
    }
}
jww
  • *"However, the code instrumented in android app goes well..."* - Does that mean the problem is in a simulator? – jww Jul 03 '17 at 17:07
    `EBADF` means the file descriptor passed to `getsockname()` is not valid. This code *implies* that you are somehow hooking the `send()` function, is that right? How exactly? This code is assuming the parameters are being passed in CPU registers, but they are usually passed on the stack instead. What makes you think the `send()` parameters are being stored in `env->regs[]` at all? – Remy Lebeau Jul 03 '17 at 20:31

1 Answer


This code results in undefined behavior:

extern int errno;

Per 7.5 Errors <errno.h> of the C Standard (note the bolded part):

The header defines several macros, all relating to the reporting of error conditions.

The macros are

EDOM
EILSEQ
ERANGE

which expand to integer constant expressions with type int, distinct positive values, and which are suitable for use in #if preprocessing directives; and

errno

which expands to a modifiable lvalue that has type int and thread local storage duration, the value of which is set to a positive error number by several library functions. If a macro definition is suppressed in order to access an actual object, **or a program defines an identifier with the name errno, the behavior is undefined.**

According to the Google Android source code, errno is a macro defined as

extern int *__geterrno(void);

#define errno (*__geterrno())

That being the case, the value you see in your extern int errno is meaningless.

Andrew Henle
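An added example (not code from the question or the answer) showing the descriptor check done the portable way: errno is reached only through `<errno.h>` and read immediately after the failing call, and three constructed descriptors are classified so that the EBADF the question reports can be told apart from a descriptor that is valid but not a socket. The names `classify_fd` and `demo_classify` are my own.

```c
#include <errno.h>      /* the only correct way to reach errno */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>

/* Ask the kernel what kind of socket fd is, the way the hook tries to.
 * errno is read straight after the failing call, before any other library
 * call can overwrite it. Returns the address family (>= 0) on success,
 * or the negated errno value on failure. */
int classify_fd(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    memset(&ss, 0, sizeof ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) == -1)
        return -errno;
    return ss.ss_family;
}

/* Constructed inputs: a bad descriptor number (EBADF, what the question
 * sees), a pipe end (open, but ENOTSOCK), and a real AF_UNIX socket.
 * A descriptor number is only meaningful inside the process that owns it,
 * so a number borrowed from another process behaves like the first case. */
int demo_classify(int results[3])
{
    int pipefd[2], sv[2];
    if (pipe(pipefd) == -1 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    results[0] = classify_fd(-1);          /* -EBADF    */
    results[1] = classify_fd(pipefd[0]);   /* -ENOTSOCK */
    results[2] = classify_fd(sv[0]);       /* AF_UNIX   */
    close(pipefd[0]); close(pipefd[1]); close(sv[0]); close(sv[1]);
    return 0;
}

int main(void)
{
    int r[3];
    if (demo_classify(r) != 0) return 1;
    for (int i = 0; i < 3; i++) {
        if (r[i] < 0)
            printf("case %d: getsockname failed: %s\n", i, strerror(-r[i]));
        else
            printf("case %d: socket family %d\n", i, r[i]);
    }
    return 0;
}
```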