Package: libbson-xs-perl / 0.8.4-2+deb12u1

Metadata

Package:        libbson-xs-perl
Version:        0.8.4-2+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2017 14227.patch

bson/bson-iter.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 [patch] cdriver-2269 check for zero string length in codewscope

CVE 2018 16790.patch

bson/bson-iter.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fix for cve-2018-16790 -- verify bounds before binary length
 read.

As reported here: https://jira.mongodb.org/browse/CDRIVER-2819,
a heap overread occurs due to a failure to correctly verify data
bounds.

In the original check, len - o returns the data left including the
sizeof(l) we just read. Instead, the comparison should check
against the data left NOT including the binary int32, i.e. just
subtype (byte*) instead of int32 subtype (byte*).

Added in test for corrupted BSON example.

CVE 2023 0437.patch

bson/bson-utf8.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] cdriver-4747 use `size_t` consistently in
 `bson_utf8_validate` (#1458)

CVE 2024 6381.patch

bson/bson-string.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] cdriver-5504 use pointer-based iteration when traversing
 array elements (#1552)

CVE 2024 6383.patch

bson/bson-string.c | 24 20 + 4 - 0 !
1 file changed, 20 insertions(+), 4 deletions(-)

 [patch] cdriver-5552 more robust string handling (#1593)

Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com>

CVE 2025 0755.patch

bson/bson.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 [patch] cdriver-5601 more robust bson append (#1648)

Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com>
Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com>