The BSONObj constructor doesn't take into account the length of the buffer being read from, and so buffer over-reads can occur if we are constructing from an untrusted source. This happens when we pass a malformed keyfile to the server – if we get unlucky in a particular way, this can cause a buffer over-read during a check on the object. Run validateBSON before we construct to avoid this.