- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: 3.4.10, 3.6.0
- Component/s: Aggregation Framework
- Fully Compatible
- ALL
- v3.6, v3.4
During optimization, $skip will combine itself with an adjacent $skip, and the new value to skip is the sum of the two. However, the addition is performed without overflow checking. The skip value is stored as a long long, which means that we hit undefined behavior in the event of overflow.
The unsafe code is in DocumentSourceSkip::doOptimizeAt() in v3.6 and v3.4.
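The merge described above with an overflow guard, as an added example that is not MongoDB's code or its actual fix: `checkedSkipSum` and `coalesceSkips` are hypothetical names, and leaving the two stages uncombined when the sum does not fit is an assumption about acceptable behaviour.

```cpp
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical helper, not MongoDB's code: stores first + second in *out and
// returns true, or returns false (leaving *out untouched) when the sum would
// not fit in a long long. The check never performs the overflowing addition.
bool checkedSkipSum(long long first, long long second, long long* out) {
    const long long kMax = std::numeric_limits<long long>::max();
    const long long kMin = std::numeric_limits<long long>::min();
    if (second > 0 && first > kMax - second) return false;
    if (second < 0 && first < kMin - second) return false;
    *out = first + second;
    return true;
}

// Models a run of adjacent $skip stages as their skip counts. Neighbours are
// folded together only when the checked sum succeeds; otherwise both stages
// stay in place, which preserves the meaning of the pipeline.
std::vector<long long> coalesceSkips(const std::vector<long long>& skips) {
    std::vector<long long> out;
    for (long long n : skips) {
        long long sum = 0;
        if (!out.empty() && checkedSkipSum(out.back(), n, &sum)) {
            out.back() = sum;
        } else {
            out.push_back(n);
        }
    }
    return out;
}

int main() {
    const long long kMax = std::numeric_limits<long long>::max();
    // Constructed inputs: an ordinary pair, then a pair whose sum overflows.
    const std::vector<std::vector<long long>> cases = {{5, 7}, {kMax, 1}};
    for (const auto& c : cases) {
        std::printf("in=%zu stage(s) -> out=%zu stage(s)\n",
                    c.size(), coalesceSkips(c).size());
    }
    return 0;
}
```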