The bson_iterator_create() was modified as follows in order to prevent the overrun:

MONGO_EXPORT bson_iterator* bson_iterator_create() {
/* JSB: In the following line I fixed sizeof(bson_iterator*) to sizeof(bson_iterator) */
return (bson_iterator*)malloc(sizeof(bson_iterator));
}