Since mongoc_uri_option_is_utf8() returns true for "appname", a value may be assigned through mongoc_uri_set_option_as_utf8(), which will bypass the length validation done in mongoc_uri_set_appname(). This seems like an edge case that should be closed.

I'm not sure if this poses a BC break, since previous versions of libmongoc (1.5 and 1.6) would default to return true from mongoc_uri_option_is_utf8() unless the option was a boolean, integer, or appeared in a blacklist. For 1.7, the function was changed to use a whitelist of known options, which included "appname" (16d03dc).