Bounce through SDL2 heap in AudioCVT::convert

This commit rewrites AudioCVT::convert to bounce the audio buffer into a
an SDL2 heap allocation, rather than trying to reuse the rust heap
buffer.  This is critical, as the underlying library warns internally
that the buffer may be reallocated, breaking configurations where
the library is not using the same heap as rust.

The underlying implementation also notes that the underlying buffer may
be transparently resized to larger than the output as part of the
transformations, so relying on the buffer being capacity() bytes long to
ensure the buffer is not re-allocated is a broken assumption.

Closes Rust-SDL2#1096

Author: waych

src/sdl2/audio.rs

@@ -1012,27 +1012,35 @@ impl AudioCVT {
             if self.raw.needed != 0 {
                 let mut raw = self.raw;
 
-                // calculate the size of the dst buffer
+                // calculate the size of the dst buffer.
                 use std::convert::TryInto;
                 raw.len = src.len().try_into().expect("Buffer length overflow");
+
+                // This is more a suggestion, and not really a guarantee...
                 let dst_size = self.capacity(src.len());
-                let needed = dst_size - src.len();
-                src.reserve_exact(needed);
 
-                // perform the conversion in place
-                raw.buf = src.as_mut_ptr();
+                // Bounce into SDL2 heap allocation as SDL_ConvertAudio may rewrite the pointer.
+                raw.buf = sys::SDL_malloc(dst_size as u32) as *mut _;
+                if raw.buf.is_null() {
+                    panic!("Failed SDL_malloc needed for SDL_ConvertAudio");
+                }
+                // raw.buf is dst_size long, but we want to copy into only the first src.len bytes.
+                std::slice::from_raw_parts_mut(raw.buf, src.len()).copy_from_slice(src.as_ref());
+
                 let ret = sys::SDL_ConvertAudio(&mut raw);
                 // There's no reason for SDL_ConvertAudio to fail.
                 // The only time it can fail is if buf is NULL, which it never is.
                 if ret != 0 {
                     panic!("{}", get_error())
                 }
 
-                // return original buffer back to caller
-                debug_assert!(raw.len_cvt > 0);
-                debug_assert!(raw.len_cvt as usize <= src.capacity());
+                // Bounce back into src, trying to re-use the same buffer.
+                let outlen: usize = raw.len_cvt.try_into().expect("Buffer size rollover");
+                debug_assert!(outlen <= dst_size);
+                src.resize(outlen, 0);
+                src.copy_from_slice(std::slice::from_raw_parts_mut(raw.buf, outlen));
+                sys::SDL_free(raw.buf as *mut _);
 
-                src.set_len(raw.len_cvt as usize);
                 src
             } else {
                 // The buffer remains unmodified