As noted in CDRIVER-2569, bson_append_binary asserts the binary payload is not NULL (but it is okay to use a non-NULL address with a zero length, which could be obtained from malloc(0), though bson_malloc(0) does return a NULL).

However, bson_value_copy on an empty binary payload will produce a value with a NULL payload, which means if we can retrieve an empty binary value, copy it, and then try appending that copy, we get an abort:

bson_t bson = BSON_INITIALIZER;
bson_value_t value, value_copy;
/* iter points to an empty BSON binary value */
value = bson_iter_value (&iter);
bson_value_copy (&value, &value_copy);
/* The following asserts since value_copy.value.v_binary.data is NULL */
BSON_APPEND_VALUE (&value_copy, "key", &value_copy);

Consider:

• loosening the restriction and allowing NULL to be passed to bson_append_binary. bson_append_utf8 allows NULL (but appends it as a NULL type instead of as an empty UTF8 string)
• changing bson_malloc to call the underlying allocator even for a zero length (which seems potentially dangerous, since users can override the allocator, and this would change how we're calling that allocator.