The 'bson' structure currently has a hard-coded internal 'stack' of 32 elements. Overflow of this stack is not checked, and happens when you exceed 32 nested objects / arrays with bson_append_start_object / bson_append_start_array.

This is obviously by design, so I'm not sure how well this will be received, but I have implemented a patch (I'll attach a pull request later) in which this fixed-size stack is replaced with a dynamically resized stack. When resized, the stack is incremented by 32, so the additional cost for existing code is 1 malloc when the first object is appended, and 1 free when the structure is free'd. I've also added an additional unit test for deep nesting of bson objects, verified this patch by running it through all tests with valgrind.