Pwning the Ladybird Browser

1. ladybird

   1 56 43,764 10.0 C++

   Truly independent web browser

   

   This is an FAQ

   “ Ladybird started as a component of the SerenityOS hobby project, which only allows C++. The choice of language was not so much a technical decision, but more one of personal convenience. Andreas was most comfortable with C++ when creating SerenityOS, and now we have almost half a million lines of modern C++ to maintain.

   However, now that Ladybird has forked and become its own independent project, all constraints previously imposed by SerenityOS are no longer in effect.

   We have evaluated a number of alternatives, and will begin incremental adoption of Swift as a successor language, once Swift version 6 is released.”

   https://ladybird.org/#faq

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. june

   2 1 800 - Rust

   

   Mostly because the author switched focus to yet another language, and eventually decided to focus on something else instead of programming languages.

   https://github.com/sophiajt/june

4. scpptool

   3 6 165 9.3 C++

   scpptool is a command line tool to help enforce a memory and data race safe subset of C++.

   

   This particular memory vulnerability, as I understand it, was a result of a `ReadonlySpan<>` targeting a resizable vector. A simple technique used by the scpptool-enforced safe subset of C++ to address this situation is to temporarily move the contents of the resizable vector into a non-resizable vector [1] and target the span at the non-resizable vector instead.

   Upon destruction, the non-resizable vector will automatically return the contents back to the original resizable vector. (It's somewhat analogous to borrowing a slice in Rust.)

   While it wouldn't necessarily prevent you from doing the flawed/buggy thing you were trying to do, it would prevent it from resulting in a memory vulnerability.

   [1] https://github.com/duneroadrunner/scpptool#xslta_vector-xslt...

5. foundationdb

   4 24 15,363 9.8 C++

   FoundationDB - the open source, distributed, transactional key-value store

   

   I'm honestly not at all familiar with browsers but I really do wonder if a custom language wouldn't be a reasonable tradeoff. It's not all that insane as that is a path that has been walked before. For instance FoundationDB has their own syntax to manage their actor system which just transpiles to C++: https://github.com/apple/foundationdb/blob/main/flow/README....

   V8 also has torque which I think to some degree also fits into that type of mindset.

Suggest a related project