ci: fix ASan self-test — use -M 0 and re-introduce real bug

The standalone toy program proved the toolchain works, but couldn't
catch real proxy bugs. Switch back to re-introducing the actual
CONN_INFO heap overflow (a7e832e).

Root cause of prior failure: with -M 1, the bug triggers in the forked
child worker (workers=0), but $! captures the parent PID. ASan output
from the child was lost. Fix: use -M 0 (single process, no fork) so
the bug fires in the main process whose stderr we capture.

Also: use separate ports (7443/7888) to avoid conflicts with the clean
test, and redirect both stdout+stderr to the log.

Author: dvershinin

.github/workflows/test.yml

@@ -207,27 +207,42 @@ jobs:
         fi
         echo "No ASan errors detected"
 
-    - name: Verify ASan is active (self-test)
-      run: |
-        # Build and run a trivial heap-buffer-overflow to prove the ASan
-        # toolchain is working. If flags are wrong or the runtime is
-        # missing, this step fails.
-        cat > /tmp/asan-selftest.c <<'CEOF'
-        #include <stdlib.h>
-        #include <string.h>
-        int main(void) {
-            char *p = malloc(8);
-            memset(p, 'A', 32);  /* 24 bytes past allocation */
-            free(p);
-            return 0;
-        }
-        CEOF
-        cc -fsanitize=address -fno-omit-frame-pointer -o /tmp/asan-selftest /tmp/asan-selftest.c
+    - name: Verify ASan catches known heap overflow
+      run: |
+        # Re-introduce the CONN_INFO heap overflow fixed in a7e832e to
+        # prove ASan catches real bugs in the proxy, not just toy programs.
+        #
+        # The bug: CONN_INFO(LC)->window_clamp writes at offset ~512 into
+        # an 80-byte listening_connection_info (allocated via malloc).
+        #
+        # Key: use -M 0 (no fork) so the bug triggers in the main process
+        # whose stderr we capture. With -M 1, the bug only fires in the
+        # child worker, but $! captures the parent PID.
+        sed -i 's/LISTEN_CONN_INFO(LC)->window_clamp/CONN_INFO(LC)->window_clamp/' mtproto/mtproto-proxy.c
+
+        make -j$(nproc) \
+          EXTRA_CFLAGS="-fsanitize=address -fno-omit-frame-pointer" \
+          EXTRA_LDFLAGS="-fsanitize=address"
+        cp objs/bin/mtproto-proxy mtproxy-run/
+
+        cd mtproxy-run
+        ASAN_OPTIONS=detect_leaks=0 \
+        ./mtproto-proxy -u nobody -p 7888 -H 7443 -S $MTPROXY_SECRET \
+          --http-stats --aes-pwd proxy-secret proxy-multi.conf -M 0 \
+          >asan-bug.log 2>&1 &
+        BUG_PID=$!
+        sleep 5
+        kill "$BUG_PID" 2>/dev/null; wait "$BUG_PID" 2>/dev/null || true
 
-        if /tmp/asan-selftest 2>&1 | grep -q "heap-buffer-overflow"; then
-          echo "ASan self-test passed — sanitizer is active"
+        if grep -q "heap-buffer-overflow" asan-bug.log; then
+          echo "ASan correctly detected the known heap-buffer-overflow"
         else
-          echo "::error::ASan self-test failed — sanitizer did not detect heap-buffer-overflow"
-          /tmp/asan-selftest 2>&1 || true
+          echo "::error::ASan did NOT detect the known heap overflow"
+          echo "--- asan-bug.log ---"
+          cat asan-bug.log
           exit 1
         fi
+
+    - name: Restore source tree
+      if: always()
+      run: git checkout -- mtproto/mtproto-proxy.c