
[UDFS] Fix a double-free BSOD, detected by Driver Verifier, when extracting an archive via 7-Zip #338

@Zero3K20

Description

@Zero3K20
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000014, the pool the caller is trying to free is already free.
Arg2: 00001b5e, (reserved)
Arg3: 8a9104f0, pool header
Arg4: 00000000, pool header contents

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_14

POOL_ADDRESS:  00000000 

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

PROCESS_NAME:  7zG.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 8351b407 to 834a0788

STACK_TEXT:  
87f8b2e4 8351b407 00000003 bb23c4c1 00000065 nt!RtlpBreakWithStatusInstruction
87f8b334 8351bf04 00000003 8a9104f0 83406d74 nt!KiBugCheckDebugBreak+0x1c
87f8b6f8 8351b2a4 000000c4 00000014 00001b5e nt!KeBugCheck2+0x68a
87f8b718 83793c24 000000c4 00000014 00001b5e nt!KeBugCheckEx+0x1e
87f8b740 8377ff87 00000001 87f8b76c 87f8b760 nt!ExFreePoolSanityChecks+0x2d
87f8b750 8377ff52 8a9104f8 00000000 87f8b778 nt!VerifierExFreePoolWithTag+0x27
87f8b760 942326b9 8a9104f8 87f8b784 8a910514 nt!VerifierExFreePool+0x1f
87f8b778 94245149 8a9104f8 87f8b908 87f8b844 udfs!UDFDirIndexFree+0x79 [D:\reactos\drivers\filesystems\udfs\udf_info\dirtree.cpp @ 110]
87f8b834 9427625c 8b8aa5f0 8b045ed0 87f8b9b0 udfs!UDFCleanUpFile__+0x739 [D:\reactos\drivers\filesystems\udfs\udf_info\udf_info.cpp @ 2619]
87f8b920 94251c03 8a8b2f78 98a42568 00000000 udfs!UDFTeardownStructures+0x72c [D:\reactos\drivers\filesystems\udfs\strucsup.cpp @ 562]
87f8b9c8 9427695a 8a8b2f78 8c2ff290 00000000 udfs!UDFCommonClose+0x403 [D:\reactos\drivers\filesystems\udfs\close.cpp @ 213]
87f8ba54 8377e4d9 8b8aa520 8c2ff290 00000000 udfs!UDFFsdDispatch+0x18a [D:\reactos\drivers\filesystems\udfs\udfdata.cpp @ 163]
87f8ba78 83471ed9 85971562 8c2ff290 8b8aa520 nt!IovCallDriver+0x73
87f8ba8c 85971562 8b8a7440 8c2ff290 00000000 nt!IofCallDriver+0x1b
87f8bab0 85971721 87f8bad0 8b8a7440 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2b0
87f8bae8 8377e4d9 8b8a7440 8c2ff290 8c2ff290 fltmgr!FltpDispatch+0xc5
87f8bb0c 83471ed9 836781ce 8b8aa524 8b8a7440 nt!IovCallDriver+0x73
87f8bb20 836781ce 856ed6e0 8b02f030 00000000 nt!IofCallDriver+0x1b
87f8bb64 83668b30 8b02f048 8b02f048 8b02f030 nt!IopDeleteFile+0x10c
87f8bb7c 8349e1e0 00000000 0000014c 8b02f030 nt!ObpRemoveObjectRoutine+0x59
87f8bb90 8349e150 8b02f048 8368beb1 94cf1388 nt!ObfDereferenceObjectWithTag+0x88
87f8bb98 8368beb1 94cf1388 8c231148 0000014c nt!ObfDereferenceObject+0xd
87f8bbdc 8368bbc5 94cf1388 94c73298 8bdf5118 nt!ObpCloseHandleTableEntry+0x22f
87f8bc0c 8368bf71 8bdf5118 8c231101 0256f530 nt!ObpCloseHandle+0x7f
87f8bc28 83478a3a 0000014c 0256f5a4 77ad6b94 nt!NtClose+0x4e
87f8bc28 77ad6b94 0000014c 0256f5a4 77ad6b94 nt!KiSystemServicePostCall
0256f520 77ad4fbc 75b37bdd 0000014c 011483f8 ntdll!KiFastSystemCallRet
0256f524 75b37bdd 0000014c 011483f8 75ecb543 ntdll!NtClose+0xc
0256f5a4 01315aeb 0030cc30 00000010 01148918 KERNELBASE!SetFileAttributesW+0x17d
WARNING: Stack unwind information not available. Following frames may be wrong.
0256f5dc 01325fb9 01148918 01148850 01324ba7 7zG+0x5aeb
0256f644 0132564d 0256f68c 0256f693 00000000 7zG+0x15fb9
0256f684 6f0fae13 00000000 0100010a 0256f764 7zG+0x1564d
0256f780 013322b9 01148f80 0116c468 000001e3 7z!SetCodecs+0x41361
0256f868 0133184d 00000000 00000000 01148850 7zG+0x222b9
0256fa10 013579f3 0013f878 0013f890 0013f89c 7zG+0x2184d
0256faa0 0134d5f3 00000000 0013f100 01148850 7zG+0x479f3
0256faf4 0134d593 00000000 00000000 01148850 7zG+0x3d5f3
0256fb18 76651287 0013f100 049ececd 00000000 7zG+0x3d593
0256fb50 76651328 0256fb64 75edef3c 01148850 msvcrt!_endthreadex+0x44
0256fb58 75edef3c 01148850 0256fba4 77af360c msvcrt!_endthreadex+0xce
0256fb64 77af360c 01148850 75e143e4 00000000 kernel32!BaseThreadInitThunk+0xe
0256fba4 77af35df 766512e5 01148850 00000000 ntdll!__RtlUserThreadStart+0x70
0256fbbc 00000000 766512e5 01148850 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  kb

FOLLOWUP_IP: 
udfs!UDFDirIndexFree+79 [D:\reactos\drivers\filesystems\udfs\udf_info\dirtree.cpp @ 110]
942326b9 3bf4            cmp     esi,esp

FAULTING_SOURCE_CODE:  
   106:     if (!hDirNdx) return;
   107:     for(k=0; k<hDirNdx->FrameCount; k++, FrameList++) {
   108:         if (*FrameList) MyFreePool__(*FrameList);
   109:     }
>  110:     MyFreePool__(hDirNdx);
   111: } // UDFDirIndexFree();
   112: 
   113: /*
   114:     This routine grows DirIndex array
   115:  */


SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  udfs!UDFDirIndexFree+79

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: udfs

IMAGE_NAME:  udfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  69f3a37f

FAILURE_BUCKET_ID:  0xc4_14_VRF_udfs!UDFDirIndexFree+79

BUCKET_ID:  0xc4_14_VRF_udfs!UDFDirIndexFree+79

Followup: MachineOwner
---------
