From fca59069e693189a569816f28c4dfe4833224adc Mon Sep 17 00:00:00 2001
From: Kobrin Ilay <ilayko3110@yandex.ru>
Date: Fri, 30 May 2025 17:45:05 +0300
Subject: [PATCH 1/2] fix wiremessage oob in case of intmin

---
 x/mongo/driver/wiremessage/wiremessage.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x/mongo/driver/wiremessage/wiremessage.go b/x/mongo/driver/wiremessage/wiremessage.go
index dd16cb7be0..f2e5c1ac2b 100644
--- a/x/mongo/driver/wiremessage/wiremessage.go
+++ b/x/mongo/driver/wiremessage/wiremessage.go
@@ -406,7 +406,7 @@ func ReadMsgSectionDocumentSequence(src []byte) (identifier string, docs []bsonc
 // sequence data.
 func ReadMsgSectionRawDocumentSequence(src []byte) (identifier string, data []byte, rem []byte, ok bool) {
 	length, rem, ok := readi32(src)
-	if !ok || int(length) > len(src) || length-4 < 0 {
+	if !ok || int(length) > len(src) || length < 0 || length-4 < 0 {
 		return "", nil, src, false
 	}
 

From 9eab72ac2a913a86acb21f382b55cdc4f4f10935 Mon Sep 17 00:00:00 2001
From: Preston Vasquez <prestonvasquez@icloud.com>
Date: Tue, 1 Jul 2025 13:05:06 -0600
Subject: [PATCH 2/2] check length < 4 to avoid oob

---
 x/mongo/driver/wiremessage/wiremessage.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x/mongo/driver/wiremessage/wiremessage.go b/x/mongo/driver/wiremessage/wiremessage.go
index f2e5c1ac2b..f0b1b5e533 100644
--- a/x/mongo/driver/wiremessage/wiremessage.go
+++ b/x/mongo/driver/wiremessage/wiremessage.go
@@ -406,7 +406,7 @@ func ReadMsgSectionDocumentSequence(src []byte) (identifier string, docs []bsonc
 // sequence data.
 func ReadMsgSectionRawDocumentSequence(src []byte) (identifier string, data []byte, rem []byte, ok bool) {
 	length, rem, ok := readi32(src)
-	if !ok || int(length) > len(src) || length < 0 || length-4 < 0 {
+	if !ok || int(length) > len(src) || length < 4 {
 		return "", nil, src, false
 	}