Calling PHP's clone operator on a MongoDB\BSON\Javascript object that has a scope causes the process to abort with a C-level assertion failure inside libbson. The crash is not catchable via PHP's exception or error handling.

Javascript objects without a scope clone without issue.

Environment

Reproducer

<?php

// Works fine — no scope
$js = new MongoDB\BSON\Javascript('function(x) { return x; }');
$clone = clone $js;
echo "no scope: OK\n";

// Aborts the process — scope present
$jsWithScope = new MongoDB\BSON\Javascript('function(x) { return x + n; }', ['n' => 42]);
$clone = clone $jsWithScope; // Fatal: C assertion failure, process exits
echo "with scope: OK\n"; // never reached

Expected behavior

Either clone succeeds and returns an independent copy, or it throws a catchable PHP Error/Exception.

Actual behavior

The process aborts with:

bson_copy(): assertion failed: bson
src/libmongoc/src/libbson/src/bson/bson.c:2084
Abort trap: 6

Root cause (hypothesis)

The Javascript object stores its scope as a bson_t (libbson document). The __clone handler likely passes an uninitialized or already-freed bson_t * to bson_copy(), which asserts that the pointer is non-NULL and valid. The scope bson_t may not be properly initialized during the clone operation.