Loading the testcase *in a debug build* results in a really tall div and a printf message like:

nsLineLayout: ComboboxControl(select)(1)@0x25a06a8 didn't set whad 0,330,-559038737,-559038737!

I don't know whether the memory involved is ever initialized (e.g. to zero) in non-debug builds, so I'm marking this as security-sensitive for now.
bz says that because the nsHTMLReflowMetrics constructor initializes these things (even in non-debug builds), we're never using a value from uninitialized memory. So this bug isn't a security issue.
Is this still an issue? I'd bet the reflow branch fixed this (in particular, I don't see the warning and wouldn't expect anything weird in that testcase).
WFM. Debug rendering is reasonable now (and matches opt rendering), and the warning is gone. --> Fixed by reflow branch landing (bug 300030).
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Depends on: 300030
Resolution: --- → FIXED