diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp index 76405a2db21d29b75c64bef49738a4a0e7f9caef..dcf7694464ed6521d416ba02a03d209ef4baf21d 100644 --- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp @@ -63,6 +63,7 @@ void GenericTaintChecker::checkPostStmt(const CallExpr *CE, FnCheck evalFunction = llvm::StringSwitch(Name) .Case("scanf", &GenericTaintChecker::processScanf) .Case("getchar", &GenericTaintChecker::processRetTaint) + .Case("getenv", &GenericTaintChecker::processRetTaint) .Default(NULL); // If the callee isn't defined, it is not of security concern. diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp index 43b0b3e9423bb099a38cce1c8a30157bd1f16b55..af038c6f0f5e4c0976301ed1545599c34a386ccc 100644 --- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp +++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp @@ -654,8 +654,15 @@ bool ProgramState::scanReachableSymbols(const MemRegion * const *I, const ProgramState* ProgramState::addTaint(const Stmt *S, TaintTagType Kind) const { SymbolRef Sym = getSVal(S).getAsSymbol(); - assert(Sym && "Cannot add taint to statements whose value is not a symbol"); - return addTaint(Sym, Kind); + if (Sym) + return addTaint(Sym, Kind); + + const MemRegion *R = getSVal(S).getAsRegion(); + if (const SymbolicRegion *SR = dyn_cast_or_null(R)) + return addTaint(SR->getSymbol(), Kind); + + // Cannot add taint, so just return the state. + return this; } const ProgramState* ProgramState::addTaint(SymbolRef Sym, diff --git a/clang/test/Analysis/taint-tester.c b/clang/test/Analysis/taint-tester.c index da1ff024d10f575c38762174f849be449371fa68..7e2d77175871df75b785ce130bc79b5b8d0cfdc3 100644 --- a/clang/test/Analysis/taint-tester.c +++ b/clang/test/Analysis/taint-tester.c 
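Review bot: The new `.Case("getenv", &GenericTaintChecker::processRetTaint)` entry has no comment saying why the environment is a taint source, or that it depends on the `addTaint` change to ProgramState.cpp in this same commit. getenv returns a pointer, so its value is presumably a region rather than a bare symbol, which the old `addTaint(const Stmt *, ...)` asserted against; the entry appears to work only because of the new SymbolicRegion fallback. A comment above the table would record both, e.g. `// getenv: the environment is set by whoever launches the process; the returned pointer is tainted through its symbolic region.` The switch sits inside checkPostStmt, whose body starts and ends outside the hunk.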
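Review bot: The new fall-through at the end of `ProgramState::addTaint(const Stmt *S, TaintTagType Kind)` returns `this` unchanged when the value is neither a symbol nor a `SymbolicRegion`. A caller therefore cannot tell that a source went untainted, which in a taint checker is a silent false negative where the removed assert used to fail loudly. A region that is not itself a `SymbolicRegion` (for example an element or field sub-region) also fails the `dyn_cast_or_null` and is dropped the same way; whether that matters depends on callers not shown here. Document the contract on the function, e.g. `// Returns the state unchanged when S's value has no symbol to carry the taint (concrete value or non-symbolic region); callers must not assume taint was added.` Separately, `getSVal(S)` is evaluated twice; a single `SVal V = getSVal(S);` at the top would serve both the `getAsSymbol()` and `getAsRegion()` lookups.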
@@ -70,3 +70,13 @@ void BitwiseOp(int in, char inn) { m = inn; int mm = m; // expected-warning {{tainted}} } + +// Test getenv. +char *getenv(const char *name); +void getenvTest(char *home) { + home = getenv("HOME"); // expected-warning 2 {{tainted}} + if (home != 0) { // expected-warning 2 {{tainted}} + char d = home[0]; // expected-warning 2 {{tainted}} + } +} +
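Review bot: Each line of `getenvTest` expects `expected-warning 2 {{tainted}}`, but nothing says which two expressions are meant to be reported. A duplicate report of one expression would satisfy the count as well as two distinct tainted values would. A brief comment would make a later change in the count easier to judge, e.g. `// Two reports per line: <first expression> and <second expression>.` filled in with the actual pair. The test also exercises only the path where `addTaint` finds a symbolic region; the new "cannot add taint, return the state" branch in ProgramState.cpp has no case here.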