Fix array bounds violation in regex matcher (bug 25149)

If the regex has more subexpressions than the number of elements allocated
in the regmatch_t array passed to regexec then proceed_next_node may
access the regmatch_t array outside its bounds.

No testcase added because even without this bug it would then crash in
pop_fail_stack which is bug 11053.