Fix the JIT buffer relocation failure at the corner case

Avoids missing possible candidates due to the large address range of the free segment.
Eg, 

48000000-49400000 r-xs 08000000 00:0f 39322841               segment1
7ffff2ec8000-7ffff2f49000 rw-p 00000000 00:00 0              segment2
7ffff6fae000-7ffff735c000 r-xp 00200000 08:02 11538515       /usr/local/sbin/php-fpm

original code will miss the opportunity between [7ffff2ec** - 7ffff2ec8000].

Fix issue #11265.

Signed-off-by: Long, Tao <[email protected]>

Author: LoongT4o

ext/opcache/shared_alloc_mmap.c

@@ -52,11 +52,13 @@
 static void *find_prefered_mmap_base(size_t requested_size)
 {
 	size_t huge_page_size = 2 * 1024 * 1024;
-	uintptr_t last_free_addr = 0;
 	uintptr_t last_candidate = (uintptr_t)MAP_FAILED;
 	uintptr_t start, end, text_start = 0;
+
 #if defined(__linux__)
 	FILE *f;
+	uintptr_t last_candidate_end = 0;
+	uintptr_t pre_seg_end = 0;
 	char buffer[MAXPATHLEN];
 
 	f = fopen("/proc/self/maps", "r");
@@ -67,14 +69,15 @@ static void *find_prefered_mmap_base(size_t requested_size)
 	while (fgets(buffer, MAXPATHLEN, f) && sscanf(buffer, "%lx-%lx", &start, &end) == 2) {
 		if ((uintptr_t)execute_ex >= start) {
 			/* the current segment lays before PHP .text segment or PHP .text segment itself */
-			if (last_free_addr + requested_size <= start) {
-				last_candidate = last_free_addr;
+			if (start - pre_seg_end >= requested_size + huge_page_size) {
+				last_candidate = start - requested_size - huge_page_size;
+				last_candidate = ZEND_MM_ALIGNED_SIZE_EX(last_candidate, huge_page_size);
 			}
 			if ((uintptr_t)execute_ex < end) {
 				/* the current segment is PHP .text segment itself */
 				if (last_candidate != (uintptr_t)MAP_FAILED) {
 					if (end - last_candidate < UINT32_MAX) {
-						/* we have found a big enough hole before the text segment */
+						/* we have found a big enough hole before the .text segment */
 						break;
 					}
 					last_candidate = (uintptr_t)MAP_FAILED;
@@ -83,20 +86,22 @@ static void *find_prefered_mmap_base(size_t requested_size)
 			}
 		} else {
 			/* the current segment lays after PHP .text segment */
-			if (last_free_addr + requested_size - text_start > UINT32_MAX) {
+			last_candidate_end = pre_seg_end + requested_size + huge_page_size;
+			if (last_candidate_end - text_start > UINT32_MAX) {
 				/* the current segment and the following segments lay too far from PHP .text segment */
 				break;
 			}
-			if (last_free_addr + requested_size <= start) {
-				last_candidate = last_free_addr;
+			if (last_candidate_end <= start) {
+				last_candidate = ZEND_MM_ALIGNED_SIZE_EX(pre_seg_end, huge_page_size);
 				break;
 			}
 		}
-		last_free_addr = ZEND_MM_ALIGNED_SIZE_EX(end, huge_page_size);
+		pre_seg_end = end;
 
 	}
 	fclose(f);
 #elif defined(__FreeBSD__)
+	uintptr_t last_free_addr = 0;
 	size_t s = 0;
 	int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
 	if (sysctl(mib, 4, NULL, &s, NULL, 0) == 0) {