fix(audio): keep the data pointed to by tmpDevName in scope

Fix the use after free in Audio::initInput and Audio::initOutput
by storing the buffer returned by QString::toUtf8 (which contains data
pointed to by tmpDevName) in an intermediate variable, preventing the
buffer from falling out of scope for the duration of the function.

Fixes #3786

src/audio/audio.cpp

@@ -352,9 +352,12 @@ bool Audio::initInput(const QString& deviceName)
     const uint32_t chnls = AUDIO_CHANNELS;
     const ALCsizei bufSize = (frameDuration * sampleRate * 4) / 1000 * chnls;
 
+    const QByteArray qDevName = deviceName.isEmpty()
+                                ? nullptr
+                                : deviceName.toUtf8();
     const ALchar* tmpDevName = deviceName.isEmpty()
                                ? nullptr
-                               : deviceName.toUtf8().constData();
+                               : qDevName.constData();
     alInDev = alcCaptureOpenDevice(tmpDevName, sampleRate, stereoFlag, bufSize);
 
     // Restart the capture if necessary
@@ -386,9 +389,12 @@ bool Audio::initOutput(const QString& deviceName)
     qDebug() << "Opening audio output" << deviceName;
     assert(!alOutDev);
 
+    const QByteArray qDevName = deviceName.isEmpty()
+                                ? nullptr
+                                : deviceName.toUtf8();
     const ALchar* tmpDevName = deviceName.isEmpty()
                                ? nullptr
-                               : deviceName.toUtf8().constData();
+                               : qDevName.constData();
     alOutDev = alcOpenDevice(tmpDevName);
 
     if (!alOutDev)