What kind of USB HID device is showing such problem?

Will this PR cause side effects for other HID device like Bluetooth?

/* MAXIMUM_USB_STRING_LENGTH from usbspec.h is 255 */
/* BLUETOOTH_DEVICE_NAME_SIZE from bluetoothapis.h is 256 */
#define MAX_STRING_WCHARS 256

Reference: it seems to me Windows API allows the buffer size to be up to 4093 Bytes,
https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/hidsdi/nf-hidsdi-hidd_getindexedstring

a broken string is stored in the output buffer

Is this causing un undefined behavior (like reading uninitialized memory) or just is it more a security consern (getting data from some buffer in the memory which we wheren't supposed to get normally.

For certain USB devices

Is it specific to driver or specific to device descriptor?

For certain USB devices
the buffer MUST NOT exceed 126 wchars

Taking into account size limitation for other buses (e.g. Bluetooth) this parameter probably need to be bus-specific, e.g. have it as is (256) by default, and have it 126 for device bus is known and is USB.

What kind of USB HID device is showing such problem?

I can't quite put my finger on what exactly triggers this behaviour, but here's an example (Windows10 Pro 21H2, Version 10.0.19044 Build 19044)

Before the patch:

---------------------------------------
Enumerating HIDAPI devices
---------------------------------------
Loading HID DB...
Enumerating HID devices...

... (skipped)

\\?\HID#VID_14A5&PID_A011#6&1e2f4adc&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
    VID:          14a5
    PID:          a011
    Manufacturer: U
    Product:      U
    Serial:       
    Release:      74
    Usage page:   Generic Desktop
    Usage:        Mouse
    Bus:          USB
    Interface:    0
    Instance:     HID\VID_14A5&PID_A011\6&1e2f4adc&0&0000
    DEVINST:      0x0004

... (skipped)

After the patch:

---------------------------------------
Enumerating HIDAPI devices
---------------------------------------
Loading HID DB...
Enumerating HID devices...

... (skipped)

\\?\HID#VID_14A5&PID_A011#6&1e2f4adc&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
    VID:          14a5
    PID:          a011
    Manufacturer: USB Gaming Mouse
    Product:      USB Gaming Mouse
    Serial:       
    Release:      74
    Usage page:   Generic Desktop
    Usage:        Mouse
    Bus:          USB
    Interface:    0
    Instance:     HID\VID_14A5&PID_A011\6&1e2f4adc&0&0000
    DEVINST:      0x0004

... (skipped)    

Symptoms are as follows:

On return, the output buffer is zeroed except for the first letter; the first letter is pretty much random on every run (sometimes, it matches the first letter of the actual string descriptor).

Tried calling HidD_GetManufacturerString or even sending IOCTL_HID_GET_MANUFACTURER_STRING directly with the same result.

I was able to find similar reports from other users, for example: https://stackoverflow.com/questions/2329572/trouble-reading-manufacturer-string-from-hid-device-using-hid-dll-api.

In the case of my device, passing a 127 wchars long buffer still results in a broken output (126 wchars work).

Please note that all of the above only applies to this particular USB mouse (other HID devices work fine with the original 256 wchars long buffer).

Will this PR cause side effects for other HID device like Bluetooth?

That's a good question. HidD_GetManufacturerString and friends fail if the buffer is not big enough, so the patch could affect devices with string descriptor exceeding 126 wchars (are there even devices like that?).

To minimize possible impact, it probably makes sense to make this patch specific to the USB bus (i.e., only limit the buffer size for HID_API_BUS_USB.)

Reference: it seems to me Windows API allows the buffer size to be up to 4093 Bytes, https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/hidsdi/nf-hidsdi-hidd_getindexedstring

Well, the same page also states that USB string descriptors are limited to 126 wchars:

For USB devices, the maximum string length is 126 wide characters (not including the terminating NULL character).

The doc is a bit vague on whether it's OK to pass a 127 wchars long buffer to accommodate the NULL-terminator, but my experiments showed that it's not (fails for 127 wchars, works for 126 wchars).

Is this causing un undefined behavior (like reading uninitialized memory) or just is it more a security consern (getting data from some buffer in the memory which we wheren't supposed to get normally.

It doesn't look like it's actually breaking anything or leading to a crash; just the output buffer is wrong (a random letter, then zeroes).

Is it specific to driver or specific to device descriptor?

Can't really tell whether it's caused by a particular device, USB driver, or HID driver (but not the Win32 HID library, because I tried passing HID IOCTLs directly). But again, it's not unique to my mouse -- there are similar reports on the web.

Taking into account size limitation for other buses (e.g. Bluetooth) this parameter probably need to be bus-specific, e.g. have it as is (256) by default, and have it 126 for device bus is known and is USB.

Good point. I'll make the changes and make this limitation specific to the USB bus.

The windows-cmake check still fails, but it has nothing to do with this PR (compilation errors in hid_report_reconstructor_test)

No worries. I'll override that check when it is time to merge.
I always give a few days for community to have a chance to review the PR even after it has been approved.

According to the USB 3.2 Revision 1.1 Specification. Section 9.6.9.:

The UNICODE string descriptor (shown in Table 9-31) is not NULL-terminated. The string length is computed by subtracting two from the value of the first byte of the descriptor.

So maximum size in BYTES is 255-2=253. Or 127 WCHARS with NULL-termination.

I like the idea of this workaround for possible Windows bug, but do not like this hid_internal_detect_bus_type_result in implementation. I think it will be better to add DEVINST hid_internal_get_devnode(const wchar_t* interface_path) instead.

better to add DEVINST hid_internal_get_devnode(const wchar_t* interface_path)

I agree this would do good from Single Responsibility principle,
but from implementation POV I believe it will be non-trivial to have a separate hid_internal_get_devnode and a function that would detect if the device is a BLE device w/o some code duplication.
I believe current aproach is a good balance in the overall design.