From c22be0b181e954a4cc00ed4f5c7df974f3061c3c Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Wed, 23 Oct 2024 16:55:39 +0000
Subject: [PATCH] mixer: Fix a bogus free() call in the main loop

After a strsep() call, p might not point at the original allocation
anymore.

Reported by:	CHERI
Reviewed by:	christos
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D47266
---
 usr.sbin/mixer/mixer.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/mixer/mixer.c b/usr.sbin/mixer/mixer.c
index 468130ddaa88..70a35f71b25f 100644
--- a/usr.sbin/mixer/mixer.c
+++ b/usr.sbin/mixer/mixer.c
@@ -147,7 +147,9 @@ main(int argc, char *argv[])
 
 parse:
 	while (argc > 0) {
-		if ((p = strdup(*argv)) == NULL)
+		char *orig;
+
+		if ((orig = p = strdup(*argv)) == NULL)
 			err(1, "strdup(%s)", *argv);
 
 		/* Check if we're using the shorthand syntax for volume setting. */
@@ -200,7 +202,7 @@ parse:
 		/* Input: `dev.control=val`. */
 		cp->mod(cp->parent_dev, valstr);
 next:
-		free(p);
+		free(orig);
 		argc--;
 		argv++;
 	}