
Most of this comes from BSON also being the internal storage format for a database server. For example, at least the redundant string NULs make it possible to use C library functions without copying, the unpacked ints allow direct dereferencing, etc.

I've no clue about the trailing NUL on the record itself, perhaps a safety feature?



> I've no clue about the trailing NUL on the record itself, perhaps a safety feature?

Could be. Or perhaps there are enough code paths in common between string parsing and document parsing that they decided to put a trailing null byte on both.

Stepping back a bit, though, the fact that BSON is optimized for "direct" use in C code is really scary. That suggests that any failure to completely validate BSON data could open up vulnerabilities in C code manipulating it.
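
Added example, not part of the thread and not any BSON library's code: a bounds-checking validator of the kind the concern above calls for, run before C code treats BSON bytes as in-place C strings and ints. The names `bson_validate` and `rd_i32`, the depth limit of 32, and the sample byte arrays are assumptions made for illustration; only a subset of element types is handled and everything else is rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed samples: {"a": "hi"}, a lying string length, a missing string NUL. */
static const uint8_t GOOD[]    = {15,0,0,0, 2,'a',0, 3,0,0,0,   'h','i',0,   0};
static const uint8_t BAD_LEN[] = {15,0,0,0, 2,'a',0, 127,0,0,0, 'h','i',0,   0};
static const uint8_t NO_NUL[]  = {15,0,0,0, 2,'a',0, 3,0,0,0,   'h','i','!', 0};

static int32_t rd_i32(const uint8_t *p) {   /* little-endian, alignment-safe read */
    return (int32_t)(p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* 1 if buf[0..len) is exactly one well-formed document, else 0. Handles double,
 * string, document, array, bool, null, int32, int64; other types are rejected. */
int bson_validate(const uint8_t *buf, size_t len, int depth) {
    if (depth > 32 || len < 5 || len > INT32_MAX) return 0;
    if ((size_t)rd_i32(buf) != len || buf[len - 1] != 0) return 0; /* prefix + trailing NUL */
    size_t pos = 4, end = len - 1;
    while (pos < end) {
        uint8_t type = buf[pos++];
        const uint8_t *nul = memchr(buf + pos, 0, end - pos);  /* key NUL must be in bounds */
        if (!nul) return 0;
        pos = (size_t)(nul - buf) + 1;
        size_t left = end - pos, need;
        int32_t n = left >= 4 ? rd_i32(buf + pos) : -1;        /* length prefix, if any */
        switch (type) {
        case 0x01: case 0x12: need = 8; break;                 /* double, int64 */
        case 0x10: need = 4; break;                            /* int32 */
        case 0x08: need = 1; break;                            /* bool */
        case 0x0A: need = 0; break;                            /* null */
        case 0x02:                                             /* string: n counts its NUL */
            if (n < 1 || (size_t)n > left - 4 || buf[pos + 3 + (size_t)n] != 0) return 0;
            need = 4 + (size_t)n; break;
        case 0x03: case 0x04:                                  /* nested document / array */
            if (n < 5 || (size_t)n > left || !bson_validate(buf + pos, (size_t)n, depth + 1)) return 0;
            need = (size_t)n; break;
        default: return 0;
        }
        if (need > left) return 0;                             /* fixed-size value overruns */
        pos += need;
    }
    return pos == end;
}

int main(void) {   /* exits 0 when all three samples classify as expected */
    return !(bson_validate(GOOD, sizeof GOOD, 0) && !bson_validate(BAD_LEN, sizeof BAD_LEN, 0)
             && !bson_validate(NO_NUL, sizeof NO_NUL, 0));
}
```

Without the `NO_NUL` check, a later `strlen` or `strcpy` on the string value would run past the declared length, which is the failure mode the "direct use" layout invites.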



