Fix array bounds violation in regex matcher (bug 25149)

Fix array bounds violation in regex matcher (bug 25149)

If the regex has more subexpressions than the number of elements allocated
in the regmatch_t array passed to regexec then proceed_next_node may
access the regmatch_t array outside its bounds.

No testcase added because even without this bug it would then crash in
pop_fail_stack which is bug 11053.