CTSRD-CHERI/llvm-project

GVN substituting unequal capabilities


In this snippet from the CHERI version of jemalloc in CheriBSD, changing the first assert to just compare the pointers, which should work, causes the second assert to fail:

	ubptr = cheri_setaddress(extent->e_addr, (vaddr_t)ptr);
	assert((vaddr_t)ptr == (vaddr_t)ubptr);
	assert(cheri_getbase(ubptr) == cheri_getbase(extent->e_addr));

(link to code: https://github.com/CTSRD-CHERI/cheribsd/blob/6a9e74b4bd73bef8cffdb0f134fc657fed60e029/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h#L58-L60)

It appears that ptr is being substituted for ubptr in the second assertion which causes the wrong bounds to be examined.

@jrtc27 produced the following reproducer:

	long
	foo(void *b, void *p)
	{
	    void *q;

	    q = __builtin_cheri_address_set(b, (long)p);
	    if (p == q)
	        return (__builtin_cheri_length_get(q));
	    return (0);
	}
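
The substitution described in this issue can be modelled in plain C. This is an added example, not part of the original issue or the CHERI sources: `struct cap`, `cap_address_set`, `cap_eq` and the two `foo_*` functions are hypothetical stand-ins, pointer `==` is assumed to compare addresses only, and the values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a capability: an address plus the bounds metadata that
 * travels with it. Not the CHERI intrinsics; all names are hypothetical. */
struct cap { uint64_t base, length, address; };

/* Models __builtin_cheri_address_set: bounds come from b, address is new. */
static struct cap cap_address_set(struct cap b, uint64_t addr)
{
    struct cap q = b;
    q.address = addr;
    return q;
}

/* Models pointer ==, assumed here to compare addresses only. */
static int cap_eq(struct cap a, struct cap b)
{
    return a.address == b.address;
}

/* foo() as written in the reproducer: the length is read from q. */
static long foo_as_written(struct cap b, struct cap p)
{
    struct cap q = cap_address_set(b, p.address);
    if (cap_eq(p, q))
        return (long)q.length;
    return 0;
}

/* foo() once equality propagation has replaced q with p under the guard. */
static long foo_after_substitution(struct cap b, struct cap p)
{
    struct cap q = cap_address_set(b, p.address);
    if (cap_eq(p, q))
        return (long)p.length;
    return 0;
}

int main(void)
{
    /* Constructed values: b spans a whole extent, p one allocation in it. */
    struct cap b = { 0x10000, 0x4000, 0x10000 };
    struct cap p = { 0x10040, 0x40, 0x10040 };
    printf("as written: %ld, after substitution: %ld\n",
           foo_as_written(b, p), foo_after_substitution(b, p));
    return 0;
}
```

The two functions differ only in which operand of the comparison supplies the length, yet they return different values because the comparison does not cover the bounds.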