Python Driver: PYTHON-532

User-triggerable NULL pointer dereference due to utter plebbery

    • Type: Bug
    • Resolution: Done
    • Priority: Critical - P2
    • Fix Version/s: 2.5.2
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Environment:
      ALL THE ENVIRONMENTS
    • Major Change

      Steps to reproduce:

      Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL

      Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.

      Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.

      Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"

      Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE

      Step 6. It's 4am now. STILL INVESTIGATING

      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */

      Oh Mike!!!

      Step 7. DISCOVER PYMONGO DOES NOT CHECK RETURN VALUES IN MULTIPLE PLACES. DISCOVER ORIGINAL AUTHOR SHOULD NOT BE ALLOWED NEAR COMPUTER

      0558b0d4 pymongo/_cbsonmodule.c (Mike Dirolf 2009-06-08 15:06:12 -0400 1197) if (strcmp(buffer + position + 5, "$ref") == 0) { /* DBRef */
      f3da57be pymongo/_cbsonmodule.c (sibsibsib 2010-08-03 13:24:14 +0800 1198) PyObject* dbref;
      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1199) PyObject* collection = PyDict_GetItemString(value, "$ref");
      ...
      30c253e6 pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-22 12:29:20 -0400 1206) PyDict_DelItemString(value, "$id");
      ...
      6b0a9ccb pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-21 15:15:00 -0400 1220) Py_DECREF(id);

      LOOOOL!

      OH MIKE OH MIKE!! BUT WHAT IF $ref DOESN'T HAVE $id KEY? LOOL

      Step 8. REALIZE I CAN CRASH 99% OF ALL WEB 3.9 SHIT-TASTIC WEBSCALE MONGO-DEPLOYING SERVICES WITH 16 BYTE POST

      Step 9. REALIZE 10GEN ARE TOO WORTHLESSLY CLUELESS TO LICENCE A STATIC ANALYZER THAT WOULD HAVE NOTICED THIS PROBLEM IN 0.0000001 NANOSECONDS?!!?!?@#

      Step 10. TRY DELETING _cbson.so.

      Step 11. LOOOOOOOOOOOOL MORE NULL PTR DEREFS IN _cmessage.so!!?!? LOLLERPLEX??!? NULL IS FOR LOSERS LOLOL

      Steps to fix:

      1. MIKE WAS BORN A TECH WRITER. REVOKE COMMIT PRIVS TODAY

      2. BUY A GODDAMNED COVERITY LICENCE YOU AMATEURS

      3. ADD process_dbrefs=False TO ALL THE DRIVERS

      4. FIX NULL PTR DEREFERENCE

      5. PUBLISH SECURITY ADVISORY OR I WILL DO IT FOR YOU

            Assignee: Bernie Hackett (bernie@mongodb.com)
            Reporter: Jibbers McGee (jibberz)
            Votes: 4
            Watchers: 38

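The decoding step the report is about, as an added example (constructed for this page, not pymongo's or MongoDB's code): a minimal pure-Python BSON codec for string-valued documents plus the DBRef post-processing step, written so that a document carrying "$ref" but no "$id" stays an ordinary dict instead of being turned into a DBRef with a missing id (the case in which the C extension's "$id" lookup came back NULL). The DBRef class, the function names, the bounds checks in decode() and the sample documents are this example's own; ids are plain strings here for brevity, whereas real drivers usually carry ObjectIds.

```python
"""Added example, not pymongo's code: a tiny BSON codec (type 0x02 string
fields only) and the DBRef post-processing step, handling the case this
report is about: a subdocument with "$ref" but no "$id"."""
import struct
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class DBRef:
    """Hypothetical stand-in for a driver's DBRef type (assumption)."""
    collection: str
    id: str
    database: Optional[str] = None


_MISSING = object()  # sentinel: "key absent" is not the same as '"$id": ""'


def encode(doc: dict) -> bytes:
    """Encode a dict of str -> str as a BSON document (0x02 strings only)."""
    body = bytearray()
    for key, value in doc.items():
        vb = value.encode("utf-8")
        body += b"\x02" + key.encode("utf-8") + b"\x00"          # type byte + C-string key
        body += struct.pack("<i", len(vb) + 1) + vb + b"\x00"   # int32 length incl. NUL
    body += b"\x00"                                             # document terminator
    return struct.pack("<i", len(body) + 4) + bytes(body)


def decode(data: bytes) -> dict:
    """Decode the subset produced by encode(). Every length is validated
    against the buffer before it is used; that is the discipline the
    report is asking for on the C side."""
    if len(data) < 5:
        raise ValueError("truncated BSON document")
    total = struct.unpack_from("<i", data, 0)[0]
    if total != len(data) or data[-1] != 0:
        raise ValueError("bad BSON length or terminator")
    out, pos = {}, 4
    while data[pos] != 0:
        etype = data[pos]
        pos += 1
        end = data.index(b"\x00", pos)     # key NUL exists: terminator checked above
        key = data[pos:end].decode("utf-8")
        pos = end + 1
        if etype != 0x02:
            raise ValueError("unsupported element type 0x%02x" % etype)
        if pos + 4 > total - 1:
            raise ValueError("truncated string length")
        slen = struct.unpack_from("<i", data, pos)[0]
        pos += 4
        if slen < 1 or pos + slen > total - 1 or data[pos + slen - 1] != 0:
            raise ValueError("bad string length")
        out[key] = data[pos:pos + slen - 1].decode("utf-8")
        pos += slen
    return out


def as_dbref_or_dict(doc: dict) -> Union[DBRef, dict]:
    """The step that crashed in the report: only treat the document as a
    DBRef when BOTH "$ref" (a string) and "$id" are present. Otherwise the
    plain dict is returned untouched, and no "$id" is ever assumed."""
    ref = doc.get("$ref", _MISSING)
    oid = doc.get("$id", _MISSING)
    if ref is _MISSING or oid is _MISSING or not isinstance(ref, str):
        return doc
    return DBRef(collection=ref, id=oid, database=doc.get("$db"))


def decode_document(data: bytes) -> Union[DBRef, dict]:
    """Full path a driver would take: bytes -> dict -> DBRef-or-dict."""
    return as_dbref_or_dict(decode(data))


# Constructed sample documents. REF_ONLY uses the "$ref" value from step 4
# of the report; the other two are made up here.
REF_ONLY = encode({"$ref": "#/mongodb/plebtastic"})        # the shape that crashed
FULL_REF = encode({"$ref": "users", "$id": "42", "$db": "app"})
PLAIN = encode({"name": "x"})

if __name__ == "__main__":
    for raw in (REF_ONLY, FULL_REF, PLAIN):
        print(len(raw), "bytes ->", decode_document(raw))
```

With this codec a document consisting of nothing but `"$ref": ""` is 16 bytes on the wire (4-byte length, type byte, `$ref\0`, 4-byte string length, the empty string's NUL, and the document terminator), so a ref-only document of that size is the smallest input that reaches the DBRef branch at all; the check in as_dbref_or_dict() is what keeps it a dict.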