- Type: Bug
- Resolution: Won't Fix
- Priority: Major - P3
- Affects Version/s: 0.6
- Component/s: None
- None
- Environment: 32bit Linux
Server: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.0.tgz
Client: https://github.com/mongodb/mongo-c-driver/zipball/v0.6

Running "tutorial_empty_query" from http://api.mongodb.org/c/current/tutorial.html on an empty database, I see that not enough memory is allocated for "out" in mongo_read_response (src/mongo.c). I added a printf:

    printf("mongo_read_response: %d required, %d allocated\n", sizeof(mongo_reply), len);
    out = ( mongo_reply * )bson_malloc( len ); // was here before

And the output I get (tutorial_empty_query on empty database):

    mongo_read_response: 37 required, 106 allocated
    mongo_read_response: 37 required, 36 allocated // from mongo_cursor_next( cursor )

In mongo_read_response (src/mongo.c) the check for "len" is:

    len < sizeof( head )+sizeof( fields )

Seems mongo_reply.objs is missing. Wouldn't something like:

    len < sizeof(mongo_reply)

be better? But this is just a check that fails to catch the problem. I guess the actual problem is that the requested "len" is too small. Not sure where that comes from.
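
The numbers in the report can be reproduced with a stand-alone model of the reply layout. The following is an added example, not the driver's code and not the reporter's: the `demo_*` names and the packed struct definitions are assumptions that mirror the `head`, `fields` and `objs` members named above, with the 16-byte header and 20-byte reply fields of the MongoDB wire protocol. It shows the minimum length expressed with `offsetof` and checked against the number of bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed mirror of the packed layout the report describes (head, fields, objs).
   The demo_* names are hypothetical, not the driver's identifiers. */
#pragma pack(push, 1)
typedef struct { int32_t len, id, responseTo, op; } demo_header;                    /* 16 bytes */
typedef struct { int32_t flag; int64_t cursorID; int32_t start, num; } demo_fields; /* 20 bytes */
typedef struct {
    demo_header head;
    demo_fields fields;
    char objs;            /* placeholder for the first byte of returned documents */
} demo_reply;
#pragma pack(pop)

/* Size of the fixed part only: what a reply carrying zero documents occupies. */
#define DEMO_FIXED_LEN offsetof(demo_reply, objs)

/* Decode the little-endian int32 message length at the start of a reply. */
static int32_t demo_wire_len(const unsigned char *buf) {
    uint32_t v = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                 (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    return (int32_t)v;
}

/* Returns the number of document bytes following the fixed part,
   or -1 if the claimed length is inconsistent with what was received. */
long demo_doc_bytes(const unsigned char *buf, size_t received) {
    if (received < 4) return -1;
    int32_t len = demo_wire_len(buf);
    if (len < 0 || (size_t)len < DEMO_FIXED_LEN) return -1;  /* shorter than head + fields */
    if ((size_t)len > received) return -1;                   /* claims more than arrived */
    return (long)((size_t)len - DEMO_FIXED_LEN);
}

int main(void) {
    unsigned char empty[36] = {36};   /* constructed: length field 36, all else zero */
    printf("sizeof(demo_reply)=%zu fixed=%zu doc_bytes=%ld\n",
           sizeof(demo_reply), (size_t)DEMO_FIXED_LEN, demo_doc_bytes(empty, sizeof empty));
    return 0;
}
```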