Add reply type_id/opcode identity validation to all _get_* wrappers

Author: CameronBrooks11

CHANGELOG.md

@@ -39,6 +39,14 @@ All notable changes to CRUMBS are documented in this file.
   - Eight-step walkthrough using a toy thermometer peripheral as a running example
   - Covers: type ID selection, ops header structure, SET/SET*REPLY op pairs, result structs, `\_get*\*` pattern, Linux and Arduino usage, helper reference tables, and a completeness checklist
 
+### Fixed
+
+- **Reply identity validation in all `_get_*` wrappers**
+  - All 11 `_get_*` functions (across `led_ops.h`, `servo_ops.h`, `calculator_ops.h`, `display_ops.h`, `mock_ops.h`) now verify that `reply.type_id` and `reply.opcode` match the expected values before parsing
+  - Returns `-1` immediately on any mismatch, preventing silent data corruption when a valid CRUMBS frame arrives from the wrong device type or address
+  - For `calc_get_hist_entry`, the identity check precedes the `data_len < 16` check
+  - Zero runtime cost on the happy path; two comparisons per GET on any error path
+
 ### Changed
 
 - **Example controllers updated to use `_get_*` wrappers** (`examples/families_usage/`)

examples/families_usage/lhwit_family/calculator_ops.h

@@ -364,6 +364,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != CALC_TYPE_ID || reply.opcode != CALC_OP_GET_RESULT)
+            return -1;
         return crumbs_msg_read_u32(reply.data, reply.data_len, 0, &out->result);
     }
 
@@ -398,6 +400,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != CALC_TYPE_ID || reply.opcode != CALC_OP_GET_HIST_META)
+            return -1;
         rc = crumbs_msg_read_u8(reply.data, reply.data_len, 0, &out->count);
         if (rc != 0)
             return rc;
@@ -440,6 +444,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != CALC_TYPE_ID || reply.opcode != (uint8_t)(CALC_OP_GET_HIST_0 + entry_idx))
+            return -1;
         if (reply.data_len < 16)
             return -1; /* Entry is empty or malformed */
         /* Parse: [op:4][a:u32][b:u32][result:u32] */

examples/families_usage/lhwit_family/display_ops.h

@@ -294,6 +294,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != DISPLAY_TYPE_ID || reply.opcode != DISPLAY_OP_GET_VALUE)
+            return -1;
         /* Reply: [number:u16][decimal_pos:u8][brightness:u8] */
         return display_parse_get_value(reply.data, reply.data_len,
                                        &out->number, &out->decimal_pos, &out->brightness);

examples/families_usage/lhwit_family/led_ops.h

@@ -270,6 +270,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != LED_TYPE_ID || reply.opcode != LED_OP_GET_STATE)
+            return -1;
         return crumbs_msg_read_u8(reply.data, reply.data_len, 0, &out->states);
     }
 
@@ -304,6 +306,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != LED_TYPE_ID || reply.opcode != LED_OP_GET_BLINK)
+            return -1;
         /* Reply: [led0_enable:u8][led0_period:u16]...[led3_enable:u8][led3_period:u16] */
         for (uint8_t i = 0; i < 4; i++)
         {

examples/families_usage/lhwit_family/servo_ops.h

@@ -277,6 +277,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != SERVO_TYPE_ID || reply.opcode != SERVO_OP_GET_POS)
+            return -1;
         rc = crumbs_msg_read_u8(reply.data, reply.data_len, 0, &out->pos[0]);
         if (rc != 0)
             return rc;
@@ -314,6 +316,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != SERVO_TYPE_ID || reply.opcode != SERVO_OP_GET_SPEED)
+            return -1;
         rc = crumbs_msg_read_u8(reply.data, reply.data_len, 0, &out->speed[0]);
         if (rc != 0)
             return rc;

examples/handlers_usage/mock_ops.h

@@ -284,6 +284,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != MOCK_TYPE_ID || reply.opcode != MOCK_OP_GET_ECHO)
+            return -1;
         out->len = reply.data_len;
         if (reply.data_len > 0)
             memcpy(out->data, reply.data, reply.data_len);
@@ -321,6 +323,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != MOCK_TYPE_ID || reply.opcode != MOCK_OP_GET_STATUS)
+            return -1;
         rc = crumbs_msg_read_u8(reply.data, reply.data_len, 0, &out->state);
         if (rc != 0)
             return rc;
@@ -358,6 +362,8 @@ extern "C"
         rc = crumbs_controller_read(ctx, addr, &reply, read_fn, io);
         if (rc != 0)
             return rc;
+        if (reply.type_id != MOCK_TYPE_ID || reply.opcode != MOCK_OP_GET_INFO)
+            return -1;
         out->len = reply.data_len;
         if (reply.data_len > 0)
             memcpy(out->info, reply.data, reply.data_len);