bd_loop_setup_from_fd: missing LOOP_CLR_FD cleanup on LOOP_SET_BLOCK_SIZE failure

[TrendCatcher2]

Summary

In bd_loop_setup_from_fd (src/plugins/loop.c), when the LOOP_SET_BLOCK_SIZE
ioctl fails, the error path closes the file descriptor and returns FALSE but never
calls ioctl(loop_fd, LOOP_CLR_FD) to detach the backing file from the loop device.

Affected Version

libblockdev 3.4.0

Vulnerable Code

src/plugins/loop.c ~line 387:

if (status != 0) {
    g_set_error (...)
    g_free (loop_device);
    close (loop_fd);      /* missing LOOP_CLR_FD before this */
    return FALSE;
}

Impact

The loop device remains associated in kernel state after the failed call.
Repeated calls with an invalid sector_size value will orphan loop devices,
eventually exhausting the available pool (/dev/loop0 through /dev/loop255).

Suggested Fix

Add cleanup before closing the fd in the failure branch:

if (status != 0) {
    g_set_error (...)
    ioctl (loop_fd, LOOP_CLR_FD);  /* add this line */
    g_free (loop_device);
    close (loop_fd);
    return FALSE;
}

Reference

LOOP_CLR_FD is correctly used in bd_loop_teardown (line 441) but absent
from the setup error path.

[tbzatek]

I believe this is mostly duplicate to #1170?