Libmongocrypt
MONGOCRYPT-559

_fle2_mongo_op_markings and _create_markings_cmd_bson are double-initializing bson_t’s

    • Type: Bug
    • Resolution: Done
    • Priority: Unknown
    • 1.8.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed

      In mongocrypt-ctx-encrypt.c, there are two ways a memory leak (reported by Valgrind) can occur when libbson is compiled with the BSON_MEMCHECK flag.

      1. bson_init and bson_init_static on same bson_t instance
        • In _fle2_mongo_op_markings, the bson_t values cmd_bson and encrypted_field_config_bson are initialized on lines 627–628 (as of commit 2ec9c3). Then cmd_bson and encrypted_field_config_bson are each passed as the bson argument to _mongocrypt_buffer_to_bson, which initializes the input bson a second time with bson_init_static.
          • This can be fixed by removing BSON_INITIALIZER from the declaration of cmd_bson and encrypted_field_config_bson.
        • Similarly, in _create_markings_cmd_bson, bson_t bson_view is initialized on line 696 and is passed to _mongocrypt_buffer_to_bson, which double-initializes bson_view.
          • This can be fixed by removing BSON_INITIALIZER from the declaration of bson_view.
      2. bson_init twice on same bson_t
        • Another double-init issue can occur because callers of _create_markings_cmd_bson pass their out argument already initialized (see this example). Within the scope of _create_markings_cmd_bson, there are then two possible ways the out argument is initialized again:
          • For an FLE1 command, it calls bson_init on line 706
          • For an FLE2 command, the processing of the command gets passed to _fle2_mongo_op_markings which calls bson_init on out on line 654
        • To fix this issue, the calls to bson_init on 654 and 706 can be removed since the callers of _create_markings_cmd_bson are already initializing the input bson_t structure.
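As an added illustration (not code from libmongocrypt or libbson), the following stand-alone C model reproduces both double-init patterns described above. It mimics the BSON_MEMCHECK bookkeeping in which an inline bson_t owns a heap canary that bson_destroy frees, so a second init that overwrites the struct strands the first canary and Valgrind reports it as a leak. The names doc_t, doc_init, doc_init_static, doc_destroy, DOC_INITIALIZER and live_canaries are constructed for this model and stand in for their bson_* counterparts.

```c
#include <stdlib.h>
/* Stand-alone model of libbson's BSON_MEMCHECK bookkeeping (not libbson itself):
 * an inline document owns a one-byte heap canary that destroy must free, so
 * every init that is never matched by a destroy shows up as a leak. */
static int live_canaries = 0;   /* canaries allocated but not yet freed */
typedef struct {
    int is_inline;              /* 1 after init/INITIALIZER, 0 after init_static */
    char *canary;               /* heap marker, valid only when is_inline */
    const unsigned char *data;  /* borrowed buffer after init_static */
} doc_t;
static char *canary_alloc(void) { live_canaries++; return malloc(1); }
#define DOC_INITIALIZER { 1, canary_alloc(), NULL }   /* like BSON_INITIALIZER */
static void doc_init(doc_t *d) {                      /* like bson_init */
    d->is_inline = 1; d->data = NULL; d->canary = canary_alloc();
}
static void doc_init_static(doc_t *d, const unsigned char *data) { /* like bson_init_static */
    d->is_inline = 0; d->canary = NULL; d->data = data; /* previous canary pointer is lost */
}
static void doc_destroy(doc_t *d) {                   /* like bson_destroy */
    if (d->is_inline && d->canary) { free(d->canary); live_canaries--; }
    d->canary = NULL;
}
static const unsigned char payload[5] = {5, 0, 0, 0, 0}; /* constructed: empty BSON document */
/* Issue 1: BSON_INITIALIZER declaration followed by init_static. Returns leaked canaries. */
int view_double_init(void) {
    live_canaries = 0;
    doc_t view = DOC_INITIALIZER;     /* first init: allocates a canary */
    doc_init_static(&view, payload);  /* second init overwrites the struct */
    doc_destroy(&view);
    return live_canaries;             /* 1: the first canary was never freed */
}
/* Fix: declare without an initializer so init_static is the only init. */
int view_single_init(void) {
    live_canaries = 0;
    doc_t view;
    doc_init_static(&view, payload);
    doc_destroy(&view);
    return live_canaries;             /* 0 */
}
/* Issue 2: caller initializes the out parameter, callee calls init again. */
int out_double_init(void) {
    live_canaries = 0;
    doc_t out = DOC_INITIALIZER;      /* caller side */
    doc_init(&out);                   /* callee side: replaces the live canary */
    doc_destroy(&out);
    return live_canaries;             /* 1 */
}
```

The fix for issue 2 is the same as for issue 1: keep exactly one init per bson_t, on whichever side owns it.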

      —

      To reproduce the memory leak, use

      mkdir cmake-build && cd cmake-build
      cmake ../
      make
      valgrind --leak-check=full ./test-mongocrypt

            Assignee:
            kyle.kloberdanz@mongodb.com Kyle Kloberdanz (Inactive)
            Reporter:
            zachary.espiritu@mongodb.com Zachary Espiritu