2 files changed, 12 insertions, 2 deletions

diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h b/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
index 242b49e75f..5391f1a585 100644
--- a/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
+++ b/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
@@ -297,6 +297,10 @@ public:
   const ProgramState* addTaint(SymbolRef S,
                                TaintTagType Kind = TaintTagGeneric) const;
 
+  /// Create a new state in which the region symbol is marked as tainted.
+  const ProgramState* addTaint(const MemRegion *R,
+                               TaintTagType Kind = TaintTagGeneric) const;
+
   /// Check if the statement is tainted in the current state.
   bool isTainted(const Stmt *S, TaintTagType Kind = TaintTagGeneric) const;
   bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const;
diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp
index af038c6f0f..9ea8abd952 100644
--- a/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -658,13 +658,19 @@ const ProgramState* ProgramState::addTaint(const Stmt *S,
     return addTaint(Sym, Kind);
 
   const MemRegion *R = getSVal(S).getAsRegion();
-  if (const SymbolicRegion *SR = dyn_cast_or_null<SymbolicRegion>(R))
-    return addTaint(SR->getSymbol(), Kind);
+  addTaint(R, Kind);
 
   // Cannot add taint, so just return the state.
   return this;
 }
 
+const ProgramState* ProgramState::addTaint(const MemRegion *R,
+                                           TaintTagType Kind) const {
+  if (const SymbolicRegion *SR = dyn_cast_or_null<SymbolicRegion>(R))
+    return addTaint(SR->getSymbol(), Kind);
+  return this;
+}
+
 const ProgramState* ProgramState::addTaint(SymbolRef Sym,
                                            TaintTagType Kind) const {
   const ProgramState *NewState = set<TaintMap>(Sym, Kind);