The copy() function for BSONObj could detect corrupt BSON and detect undefined behavior earlier for two reasons:

• There is no verification that objsize() is below the maximum BSON size. An attempt to allocate a new buffer based on the size of an unowned BSON object can lead to very large allocations.
• By making 2 calls to objsize(), the copy function may allocate a different amount of memory than it writes if the underlying buffer is unowned. This should also be fixed to prevent the possibility of undefined behavior.