--- ./regcomp.c.orig 2013-05-10 02:30:48.000000000 +0000 +++ ./regcomp.c 2013-06-06 13:04:19.000000000 +0000 @@ -8998,7 +8998,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I ret = reganode(pRExC_state, GOSUB, num); if (!SIZE_ONLY) { - if (num > (I32)RExC_rx->nparens) { + if (num < 0 || num > (I32)RExC_rx->nparens) { RExC_parse++; vFAIL("Reference to nonexistent group"); } @@ -10654,7 +10654,7 @@ tryagain: if (num < 1) vFAIL("Reference to nonexistent or unclosed group"); } - if (!isg && num > 9 && num >= RExC_npar) + if (!isg && (num < 0 || (num > 9 && num >= RExC_npar))) /* Probably a character specified in octal, e.g. \35 */ goto defchar; else { @@ -10669,7 +10669,7 @@ tryagain: RExC_parse++; } if (!SIZE_ONLY) { - if (num > (I32)RExC_rx->nparens) + if (num < 0 || num > (I32)RExC_rx->nparens) vFAIL("Reference to nonexistent group"); } RExC_sawback = 1; @@ -10934,7 +10934,7 @@ tryagain: case '0': case '1': case '2': case '3':case '4': case '5': case '6': case '7': if (*p == '0' || - (isDIGIT(p[1]) && atoi(p) >= RExC_npar)) + (isDIGIT(p[1]) && (U32)atoi(p) >= (U32)RExC_npar)) { I32 flags = PERL_SCAN_SILENT_ILLDIGIT; STRLEN numlen = 3;