Comment 27 for bug 345714

I "suspect" the bug is in the function below. Note the 'for' loop that calls itself...yuck!
-----------------------------------------------------------------------

static void
drm_intel_fake_bo_unreference_locked(drm_intel_bo *bo)
{
   drm_intel_bufmgr_fake *bufmgr_fake = (drm_intel_bufmgr_fake *)bo->bufmgr;
   drm_intel_bo_fake *bo_fake = (drm_intel_bo_fake *)bo;
   int i;

   if (--bo_fake->refcount == 0) {
      assert(bo_fake->map_count == 0);
      /* No remaining references, so free it */
      if (bo_fake->block){
         free_block(bufmgr_fake, bo_fake->block, 0);
      }
      free_backing_store(bo);

      for (i = 0; i < bo_fake->nr_relocs; i++){
         drm_intel_fake_bo_unreference_locked(bo_fake->relocs[i].target_buf);
      }
      DBG("drm_bo_unreference: free buf %d %s\n", bo_fake->id, bo_fake->name);

      free(bo_fake->relocs);
      free(bo);
   }
}