Irregexp-ia32: Fixed backref-matching (works, and advances current position).

src/interpreter-irregexp.cc

Index: src/interpreter-irregexp.cc
diff --git a/src/interpreter-irregexp.cc b/src/interpreter-irregexp.cc
index d5d1a89ca9ff91d4efb542a78fa7c7b2ddd646f7..f76c13501d29cd7a0487bdb72ad10f7b87301ab5 100644
--- a/src/interpreter-irregexp.cc
+++ b/src/interpreter-irregexp.cc
@@ -333,6 +333,10 @@ static bool RawMatch(const byte* code_base,
       BYTECODE(CHECK_NOT_BACK_REF) {
         int from = registers[pc[1]];
         int len = registers[pc[1] + 1] - from;
+        if (from < 0 || len <= 0) {
+          pc += BC_CHECK_NOT_BACK_REF_LENGTH;
+          break;
+        }
         if (current + len > subject.length()) {
           pc = code_base + Load32(pc + 2);
           break;
@@ -353,6 +357,10 @@ static bool RawMatch(const byte* code_base,
       BYTECODE(CHECK_NOT_BACK_REF_NO_CASE) {
         int from = registers[pc[1]];
         int len = registers[pc[1] + 1] - from;
+        if (from < 0 || len <= 0) {
+          pc += BC_CHECK_NOT_BACK_REF_NO_CASE_LENGTH;
+          break;
+        }
         if (current + len > subject.length()) {
           pc = code_base + Load32(pc + 2);
           break;