diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h index 242b49e75f50..5391f1a5852a 100644 --- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h +++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h @@ -297,6 +297,10 @@ public: const ProgramState* addTaint(SymbolRef S, TaintTagType Kind = TaintTagGeneric) const; + /// Create a new state in which the region symbol is marked as tainted. + const ProgramState* addTaint(const MemRegion *R, + TaintTagType Kind = TaintTagGeneric) const; + /// Check if the statement is tainted in the current state. bool isTainted(const Stmt *S, TaintTagType Kind = TaintTagGeneric) const; bool isTainted(SVal V, TaintTagType Kind = TaintTagGeneric) const; diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp index af038c6f0f5e..9ea8abd9521b 100644 --- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp +++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp @@ -658,13 +658,19 @@ const ProgramState* ProgramState::addTaint(const Stmt *S, return addTaint(Sym, Kind); const MemRegion *R = getSVal(S).getAsRegion(); - if (const SymbolicRegion *SR = dyn_cast_or_null(R)) - return addTaint(SR->getSymbol(), Kind); + addTaint(R, Kind); // Cannot add taint, so just return the state. return this; } +const ProgramState* ProgramState::addTaint(const MemRegion *R, + TaintTagType Kind) const { + if (const SymbolicRegion *SR = dyn_cast_or_null(R)) + return addTaint(SR->getSymbol(), Kind); + return this; +} + const ProgramState* ProgramState::addTaint(SymbolRef Sym, TaintTagType Kind) const { const ProgramState *NewState = set(Sym, Kind);