Compile c dependencies with asan

.github/workflows/ci.yml

@@ -27,17 +27,36 @@ jobs:
       - uses: actions/checkout@v4
       - run: npm ci
       - run: npm test
+      - name: Install clang for ASAN
+        run: sudo apt-get update && sudo apt-get install -y clang
       - name: Set up cargo cache
         uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6
       - run: cargo fmt --all -- --check
       - run: cargo clippy --all-targets --all-features -- -D warnings
-      - run: cargo test --features odbc-static
+      - name: Build proc-macros without ASAN first
+        run: cargo build --lib --features odbc-static
+      - name: Run tests with ASAN-instrumented C dependencies
+        env:
+          CFLAGS: "-fsanitize=address -fno-omit-frame-pointer -g"
+          CXXFLAGS: "-fsanitize=address -fno-omit-frame-pointer -g"
+          CC: clang
+          CXX: clang++
+          RUSTFLAGS: "-Clink-arg=-fsanitize=address"
+          ASAN_OPTIONS: "detect_leaks=1:abort_on_error=1"
+        run: |
+          # Find and preload ASAN runtime library so rustc can load ASAN-linked proc-macros
+          ASAN_LIB=$(clang -print-file-name=libclang_rt.asan-x86_64.so)
+          export LD_PRELOAD="$ASAN_LIB"
+          # Recompile C dependencies and binaries with ASAN instrumentation
+          cargo clean -p aws-lc-sys -p libsqlite3-sys -p zstd-sys -p sqlpage
+          cargo test --features odbc-static
       - name: Upload Linux binary
         uses: actions/upload-artifact@v4
         with:
           name: sqlpage-linux-debug
           path: "target/debug/sqlpage"
 
+
   test:
     runs-on: ubuntu-latest
     strategy:

ASAN-BUILD-PROCESS.md

@@ -0,0 +1,47 @@
+# Building with ASAN for C Dependencies
+
+## Two-Phase Build Approach
+
+The solution uses a two-phase build to avoid proc-macro loading issues:
+
+### Phase 1: Build proc-macros without ASAN
+```bash
+cargo build --lib --features odbc-static
+```
+
+This builds all libraries and proc-macros (like `sqlx-macros-oldapi`) with normal linking.
+
+### Phase 2: Rebuild with ASAN instrumentation
+```bash
+# Set up ASAN environment
+export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
+export CXXFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
+export CC=clang
+export CXX=clang++
+export RUSTFLAGS="-Clink-arg=-fsanitize=address"
+
+# Preload ASAN runtime so rustc can load proc-macros
+export LD_PRELOAD=$(clang -print-file-name=libclang_rt.asan-x86_64.so)
+
+# Rebuild only C dependencies and main binary
+cargo clean -p aws-lc-sys -p libsqlite3-sys -p zstd-sys -p sqlpage
+cargo test --features odbc-static
+```
+
+## Why This Works
+
+1. **Proc-macros** are built first without ASAN and cached
+2. **C dependencies** (aws-lc-sys, libsqlite3-sys, zstd-sys) are recompiled with ASAN instrumentation
+3. **LD_PRELOAD** loads the ASAN runtime library into the cargo/rustc process, allowing it to successfully load proc-macros even if they transitively depend on ASAN-instrumented code
+4. **Final binary and tests** are linked with ASAN runtime via `-Clink-arg=-fsanitize=address`
+
+## What Gets Detected
+
+With ASAN enabled for C dependencies, the tests will detect:
+- Buffer overflows in C code
+- Use-after-free errors in C code
+- Memory leaks in C code (via LeakSanitizer)
+- Stack buffer overflows
+- Global buffer overflows
+
+This provides comprehensive memory safety checking for the native C dependencies while working around Rust's proc-macro system limitations.