TaintLess: CUF taint via dropdowns

On Classic Wrath, CompactUnitFrameProfiles_ActivateRaidProfile calls UIDropDownMenu_SetSelectedValue without initializing a dropdown. If the dropdown infrastructure is tainted at that time, UIDropDownMenu_Refresh will taint the current execution, and the subsequent call to CompactUnitFrameProfiles_ApplyProfile will propagate taint to the CUF widgets. Taint errors may then occur when e.g. GROUP_ROSTER_UPDATE triggers CompactRaidFrameContainer_OnEvent while in combat.

Affected versions: 3.4.3.52237 (unfixed).

To reproduce

1. In Interface Options, enable Use Raid-Style Party Frames and create two CUF profiles, setting one to auto-activate in PvE/PvP.
2. Move to an instance portal. Use the Group Finder to create a private party. Switch to the non-auto-activating CUF profile.
3. Execute the following macro:
   Patch 3.4.3

   /run EasyMenu({{text="!"}}, CreateFrame("Frame", "T", nil, "UIDropDownMenuTemplate"), "cursor", 0,0,"MENU")
4. Enter the instance.
5. Observe that the auto-activating CUF profile is now active, and /dump issecurevariable(CompactRaidFrameContainer, "groupMode") indicates that the CUF infrastructure is tainted.

AddOn workaround

A workaround for this issue is included in TaintLess.