diff --git a/ChangeLog b/ChangeLog
index f6bfdae..4264b0a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -119,6 +119,10 @@ bug was discovered by the LLVM fuzzer.
 another group caused a buffer overflow. For example: /(?J)(?'d'(?'d'\g{d}))/.
 This bug was discovered by the LLVM fuzzer.
 
+30. A forward reference by name to a group whose number is the same as the
+current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused a
+buffer overflow at compile time. This bug was discovered by the LLVM fuzzer.
+
 
 Version 10.10 06-March-2015
 ---------------------------
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 9250a71..41c6ae8 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -5984,6 +5984,14 @@ for (;; ptr++)
           not be set at the point of reference. */
 
           *lengthptr += IMM2_SIZE;
+          
+          /* If this is a forward reference and we are within a (?|...) group,
+          the reference may end up as the number of a group which we are 
+          currently inside, that is, it could be a recursive reference. In the 
+          real compile this will be picked up and the reference wrapped with 
+          OP_ONCE to make it atomic, so we must space in case this occurs. */ 
+          
+          if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
           }
 
         /* In the real compile, search the name table. We check the name
diff --git a/testdata/testinput1 b/testdata/testinput1
index 7830cd6..884faf1 100644
--- a/testdata/testinput1
+++ b/testdata/testinput1
@@ -5724,4 +5724,7 @@ name)/mark
 /(?1)()((((((\1++))\x85)+)|))/
     \x85\x85
 
+"(?|(\k'Pm')|(?'Pm'))"
+    abcd
+
 # End of testinput1 
diff --git a/testdata/testoutput1 b/testdata/testoutput1
index ebf6ef4..942dc7d 100644
--- a/testdata/testoutput1
+++ b/testdata/testoutput1
@@ -9458,4 +9458,9 @@ No match
  6: 
  7: 
 
+"(?|(\k'Pm')|(?'Pm'))"
+    abcd
+ 0: 
+ 1: 
+
 # End of testinput1