PYTHON-5756 - Fix BSON Binary type length bug #2790

Open
NoahStapp wants to merge 5 commits into mongodb:master from NoahStapp:PYTHON-5756
@NoahStapp

PYTHON-5756

Changes in this PR

Fixes a bug in the C extension where BSON Binary fields did not correctly account for the header when calculating value length.

Test Plan

Added a new unit test test_binary_length_accounts_for_header.

Checklist

Checklist for Author

  • Did you update the changelog (if necessary)?
  • Is there test coverage?
  • Is any followup work tracked in a JIRA ticket? If so, add link(s).

Checklist for Reviewer

  • Does the title of the PR reference a JIRA Ticket?
  • Do you fully understand the implementation? (Would you be comfortable explaining how this code works to someone else?)
  • Is all relevant documentation (README or docstring) updated?

Copilot AI review requested due to automatic review settings May 4, 2026 21:10
@NoahStapp NoahStapp requested a review from a team as a code owner May 4, 2026 21:10
@NoahStapp NoahStapp requested a review from Jibola May 4, 2026 21:10

Copilot AI left a comment

Pull request overview

This PR aims to fix BSON binary-length validation in the C decoder so malformed Binary values are rejected correctly, and it adds a regression test in the BSON test suite.

Changes:

  • Updates the Binary decoding path in bson/_cbsonmodule.c to account for the element header when validating the remaining buffer length.
  • Adds test_binary_length_accounts_for_header to cover a malformed Binary payload that previously slipped through validation.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
bson/_cbsonmodule.c Adjusts Binary element bounds checking in the C BSON decoder.
test/test_bson.py Adds a regression test for malformed BSON Binary length handling.
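
The bounds check discussed in this PR, as an added example (not code from this PR or from PyMongo): a BSON Binary value is an int32 payload length, a 1-byte subtype, then the payload, so the declared length must be compared with the remaining bytes minus that 5-byte header. The names `parse_binary`, `naive_length_ok` and `binary_view` are hypothetical, the sample buffers are constructed, and the subtype `0x02` inner-length check goes slightly beyond the case the PR describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BINARY_HEADER 5u /* int32 payload length + 1-byte subtype */

typedef struct { uint8_t subtype; const uint8_t *data; uint32_t len; } binary_view;

/* Constructed samples: each is 8 bytes of Binary value as the decoder sees it. */
static const uint8_t SAMPLE_OK[]    = {0x03, 0, 0, 0, 0x00, 'a', 'b', 'c'};
static const uint8_t SAMPLE_SHORT[] = {0x04, 0, 0, 0, 0x00, 'a', 'b', 'c'};

static int32_t read_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Flawed pattern: the declared length is compared with everything that is
 * left, although 5 of those bytes are the header, not payload. */
int naive_length_ok(const uint8_t *buf, size_t avail) {
    if (avail < 4) return 0;
    int32_t declared = read_le32(buf);
    return declared >= 0 && (size_t)declared <= avail;
}

/* Hypothetical helper: returns bytes consumed, or 0 if the value is malformed. */
size_t parse_binary(const uint8_t *buf, size_t avail, binary_view *out) {
    if (avail < BINARY_HEADER) return 0;
    int32_t declared = read_le32(buf);
    /* Subtract on the trusted side so the comparison cannot overflow. */
    if (declared < 0 || (size_t)declared > avail - BINARY_HEADER) return 0;
    const uint8_t *payload = buf + BINARY_HEADER;
    uint32_t len = (uint32_t)declared;
    if (buf[4] == 0x02) { /* old binary subtype: payload starts with a second int32 length */
        if (len < 4) return 0;
        int32_t inner = read_le32(payload);
        if (inner < 0 || (uint32_t)inner != len - 4) return 0;
        payload += 4;
        len -= 4;
    }
    out->subtype = buf[4];
    out->data = payload;
    out->len = len;
    return BINARY_HEADER + (size_t)declared;
}

int main(void) {
    binary_view v;
    printf("naive accepts short sample: %d\n", naive_length_ok(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    printf("strict: ok=%zu short=%zu\n", parse_binary(SAMPLE_OK, sizeof SAMPLE_OK, &v),
           parse_binary(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &v));
    return 0;
}
```

`SAMPLE_SHORT` declares 4 payload bytes but only 3 follow the header: the naive comparison passes it, while the header-aware check rejects it before any payload byte is read.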

Comment thread bson/_cbsonmodule.c Outdated

Copilot AI left a comment

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@codecov-commenter

codecov-commenter commented May 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.90%. Comparing base (575d75f) to head (5608cef).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2790      +/-   ##
==========================================
+ Coverage   82.43%   87.90%   +5.47%     
==========================================
  Files         140      141       +1     
  Lines       24175    24404     +229     
  Branches     4131     4176      +45     
==========================================
+ Hits        19928    21453    +1525     
+ Misses       3369     2052    -1317     
- Partials      878      899      +21     
