ci: test example modules with AddressSanitizer

This requires a certain degree of compatibility between the Rust and C
toolchains, so we use AlmaLinux packages of clang and rustc that are
built against the same LLVM and are known to be compatible.

This also requires unstable compiler options, but `RUSTC_BOOTSTRAP=1`
can be used to force enable nightly features on stable toolchain.

Author: bavshin-f5

.github/workflows/sanitizers.yaml

@@ -0,0 +1,109 @@
+name: sanitizers
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: 'always'
+  RUST_BACKTRACE: '1'
+  BUILDREQUIRES: >-
+    openssl-devel pcre2-devel zlib-devel
+    cargo rust-src rustfmt
+    clang compiler-rt
+    git-core
+    make patch
+    perl-FindBin
+    perl-IO-Socket-SSL
+    perl-Test-Harness
+    perl-Test-Simple
+    perl-lib
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    container: ghcr.io/almalinux/almalinux:10
+
+    strategy:
+      fail-fast: false
+      matrix:
+        nginx-ref:
+          # master
+          - stable-1.28
+
+    steps:
+      - name: Install dependencies
+        run:  dnf install -y ${BUILDREQUIRES}
+
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ matrix.nginx-ref }}
+          repository: 'nginx/nginx'
+          path: 'nginx'
+      - uses: actions/checkout@v4
+        with:
+          repository: 'nginx/nginx-tests'
+          path: 'nginx/tests'
+
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            nginx/objs/ngx_rust_examples
+          key: ${{ runner.os }}-cargo-asan-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-asan-
+
+      - name: Configure and build nginx
+        working-directory: nginx
+        env:
+          CFLAGS: >-
+            -DNGX_DEBUG_PALLOC=1
+            -DNGX_SUPPRESS_WARN=1
+            -O1
+            -fno-omit-frame-pointer
+            -fsanitize=address,undefined
+          LDFLAGS: -fsanitize=address,undefined
+          RUST_TARGET: x86_64-unknown-linux-gnu
+          RUSTFLAGS: -Zsanitizer=address -Zexternal-clangrt
+          # Extra options passed to cargo rustc
+          NGX_RUSTC_OPT: -Zbuild-std
+          # Enable unstable features, such as the -Z options above,
+          # in the stable toolchain.
+          RUSTC_BOOTSTRAP: 1
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/misc/nginx-sanitizer-support.patch
+          auto/configure \
+            --with-cc=clang \
+            --with-cc-opt="$CFLAGS" \
+            --with-ld-opt="$LDFLAGS" \
+            --with-compat \
+            --with-debug \
+            --with-http_ssl_module \
+            --with-http_v2_module \
+            --with-http_v3_module \
+            --with-stream \
+            --with-stream_ssl_module \
+            --with-threads \
+            --add-module=$(realpath ../examples)
+          make -j$(nproc)
+
+      - name: Run tests
+        env:
+          ASAN_OPTIONS: detect_stack_use_after_return=1:detect_odr_violation=0
+          # `container` job steps are running as root, and thus all the files
+          # created by the test scripts are owned by root.
+          # But the worker processes are spawned as "nobody" by default,
+          # resulting in permission errors.
+          TEST_NGINX_GLOBALS: >-
+              user root;
+        run: |
+            TEST_NGINX_BINARY="$PWD/nginx/objs/nginx" \
+            LSAN_OPTIONS="suppressions=$PWD/misc/lsan-suppressions.txt" \
+            UBSAN_OPTIONS="suppressions=$PWD/misc/ubsan-suppressions.txt" \
+            prove -v -Inginx/tests/lib examples/t

misc/lsan-suppressions.txt

@@ -0,0 +1,17 @@
+# LeakSanitizer suppressions list for nginx
+#
+# To be used with -fsanitize=address and
+# LSAN_OPTIONS=suppressions=lsan-suppressions.txt.
+#
+# https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer#suppressions
+
+# cycle->connections, cycle->read_events, cycle->write_events
+leak:ngx_event_process_init
+
+# XXX: can silence leaks from nginx SSL callbacks
+leak:SSL_do_handshake
+leak:SSL_read
+
+# rcf->ranges not freed at process exit
+leak:ngx_http_upstream_update_random
+leak:ngx_stream_upstream_update_random

misc/nginx-sanitizer-support.patch

@@ -0,0 +1,28 @@
+diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
+index 713eb42a7..999c6b25f 100644
+--- a/src/core/ngx_string.h
++++ b/src/core/ngx_string.h
+@@ -96,6 +96,23 @@ void ngx_explicit_memzero(void *buf, size_t n);
+ void *ngx_memcpy(void *dst, const void *src, size_t n);
+ #define ngx_cpymem(dst, src, n)   (((u_char *) ngx_memcpy(dst, src, n)) + (n))
+ 
++#elif (NGX_SUPPRESS_WARN)
++
++/*
++ * Checked versions for sanitizers.
++ * See https://mailman.nginx.org/pipermail/nginx-devel/2023-December/7VNQZEBNXEKAYTYE4Y65FORF4HNELM6V.html
++ */
++
++static ngx_inline void *
++ngx_memcpy(void *dst, const void *src, size_t n) {
++    return (n == 0) ? dst : memcpy(dst, src, n);
++}
++
++static ngx_inline void *
++ngx_cpymem(void *dst, const void *src, size_t n) {
++    return (n == 0) ? dst : ((u_char *) memcpy(dst, src, n)) + n;
++}
++
+ #else
+ 
+ /*

misc/ubsan-suppressions.txt

@@ -0,0 +1,28 @@
+# UndefinedBehaviorSanitizer suppressions list for nginx
+#
+# To be used with -fsanitize=undefined and
+# UBSAN_OPTIONS=suppressions=ubsan-suppressions.txt.
+#
+# https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#runtime-suppressions
+
+# src/http/v2/ngx_http_v2.c:2747:17: runtime error: store to misaligned address 0x7b35a1a19885 for type 'uint32_t' (aka 'unsigned int'), which requires 4 byte alignment
+alignment:src/http/v2/ngx_http_v2.c
+alignment:src/http/v2/ngx_http_v2_filter_module.c
+alignment:ngx_http_huff_encode
+alignment:ngx_http_parse_request_line
+
+# ngx_quic_write_uint32 at src/event/quic/ngx_event_quic_transport.c:642
+alignment:ngx_quic_create_long_header
+alignment:ngx_quic_read_uint32
+
+# src/core/ngx_output_chain.c:70:20: runtime error: call to function ngx_http_trailers_filter through pointer to incorrect function type 'long (*)(void *, struct ngx_chain_s *)'
+# src/http/modules/ngx_http_headers_filter_module.c:249: note: ngx_http_trailers_filter defined here
+function:ngx_output_chain
+
+# violates nonnull on memcmp
+nonnull-attribute:ngx_http_upstream_zone_preresolve
+nonnull-attribute:ngx_stream_upstream_zone_preresolve
+
+# src/http/ngx_http_script.c:800:16: runtime error: applying non-zero offset 112 to null pointer
+pointer-overflow:ngx_http_script_add_code
+pointer-overflow:ngx_stream_script_add_code