fix stale-check signed overflow; add adversarial admission tests

Fix undefined behavior in rx_session_solve_admission(): the expression
`ts > (last_admission_ts + timeout)` overflows int64_t when
last_admission_ts == BIG_BANG (INT64_MIN). Rearranged to the equivalent
`(ts - timeout) > last_admission_ts` which is safe for non-negative ts
and timeout.

Add test_intrusive_rx_admission.c: 14 test cases covering the admission
state machine exhaustively — truth table, fresh/stale boundary
conditions, continuation frames, preemption scenarios (including the
documented TID-rollover edge case), record_admission masking, and
integration sequences (TID progression, duplicate rejection, interface
failover, zero timeout, duplicate-after-preemption limitation).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: pavel-kirienko

libcanard/canard.c

@@ -1404,7 +1404,7 @@ static bool rx_session_solve_admission(const rx_session_t* const ses,
     const bool fresh = (transfer_id != ses->last_admitted_transfer_id) || // always accept if transfer-ID is different
                        (priority != ses->last_admitted_priority);         // or we switched the priority level
     const bool affine = ses->iface_index == iface_index;
-    const bool stale  = ts > (ses->last_admission_ts + ses->owner->transfer_id_timeout);
+    const bool stale  = (ts - ses->owner->transfer_id_timeout) > ses->last_admission_ts;
     return (fresh && affine) || (affine && stale) || (stale && fresh);
 }
 

tests/CMakeLists.txt

@@ -100,6 +100,7 @@ gen_test_matrix(test_helpers "src/test_helpers.c")
 gen_test_matrix(test_intrusive_util "src/test_intrusive_util.c")
 gen_test_matrix(test_intrusive_tx "src/test_intrusive_tx.c")
 gen_test_matrix(test_intrusive_rx "src/test_intrusive_rx.c")
+gen_test_matrix(test_intrusive_rx_admission "src/test_intrusive_rx_admission.c")
 # API tests.
 gen_test_single(test_api_tx "${library_dir}/canard.c;src/test_api_tx.cpp")