Check for integer overflow in subroutine calls.

ChangeLog

@@ -146,6 +146,8 @@ code for handling forward references was contorted and led to several errors in
 computing the memory requirements for some patterns, leading to buffer 
 overflows.
 
+37. There was no check for integer overflow in subroutine calls such as (?123).
+
 
 Version 10.10 06-March-2015
 ---------------------------

src/pcre2_compile.c

@@ -6484,7 +6484,15 @@ for (;; ptr++)
 
           recno = 0;
           while (IS_DIGIT(*ptr))
+            {
+            if (recno > INT_MAX / 10 - 1) /* Integer overflow */
+              {
+              while (IS_DIGIT(*ptr)) ptr++;
+              *errorcodeptr = ERR61;
+              goto FAILED;
+              }
             recno = recno * 10 + *ptr++ - CHAR_0;
+            } 
 
           if (*ptr != (PCRE2_UCHAR)terminator)
             {

testdata/testinput2

@@ -4323,4 +4323,6 @@ a random value. /Ix
 
 "(?J:(?|(?'R')(\k'R')|((?'R'))))"
 
+/(?<=|(\,\$(?73591620449005828816)\xa8.{7}){6}\x09)/
+
 # End of testinput2 

testdata/testoutput2

@@ -14449,4 +14449,7 @@ Failed: error 162 at offset 4: subpattern name expected
 
 "(?J:(?|(?'R')(\k'R')|((?'R'))))"
 
+/(?<=|(\,\$(?73591620449005828816)\xa8.{7}){6}\x09)/
+Failed: error 161 at offset 32: number is too big
+
 # End of testinput2