File perl-regexp-refoverflow.diff of Package perl

--- ./regcomp.c.orig	2013-05-10 02:30:48.000000000 +0000
+++ ./regcomp.c	2013-06-06 13:04:19.000000000 +0000
@@ -8998,7 +8998,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I
 
                 ret = reganode(pRExC_state, GOSUB, num);
                 if (!SIZE_ONLY) {
-		    if (num > (I32)RExC_rx->nparens) {
+		    if (num < 0 || num > (I32)RExC_rx->nparens) {
 			RExC_parse++;
 			vFAIL("Reference to nonexistent group");
 	            }
@@ -10654,7 +10654,7 @@ tryagain:
                     if (num < 1)
                         vFAIL("Reference to nonexistent or unclosed group");
                 }
-		if (!isg && num > 9 && num >= RExC_npar)
+		if (!isg && (num < 0 || (num > 9 && num >= RExC_npar)))
                     /* Probably a character specified in octal, e.g. \35 */
 		    goto defchar;
 		else {
@@ -10669,7 +10669,7 @@ tryagain:
                         RExC_parse++;
                     }    
 		    if (!SIZE_ONLY) {
-		        if (num > (I32)RExC_rx->nparens)
+		        if (num < 0 || num > (I32)RExC_rx->nparens)
 			    vFAIL("Reference to nonexistent group");
 		    }
 		    RExC_sawback = 1;
@@ -10934,7 +10934,7 @@ tryagain:
 		    case '0': case '1': case '2': case '3':case '4':
 		    case '5': case '6': case '7':
 			if (*p == '0' ||
-			    (isDIGIT(p[1]) && atoi(p) >= RExC_npar))
+			    (isDIGIT(p[1]) && (U32)atoi(p) >= (U32)RExC_npar))
 			{
 			    I32 flags = PERL_SCAN_SILENT_ILLDIGIT;
 			    STRLEN numlen = 3;