evince crashed with SIGSEGV in CairoOutputDev::setSoftMask()

evince crashes with the following backtrace after an out of bounds read.

#0 0x1a65e1e0 in CairoOutputDev::setSoftMask (this=0x218ada00,
    state=0x21944958, bbox=0xb307c5b8, alpha=false, transferFunc=0x0,
    backdropColor=0xb307c664) at CairoOutputDev.cc:1258
#1 0x129b0e62 in Gfx::doForm1 (this=0x2193a800, str=0xb307c748,
    resDict=0x2187a530, matrix=0xb307c588, bbox=0xb307c5b8, transpGroup=true,
    softMask=true, blendingColorSpace=0x0, isolated=true, knockout=false,
    alpha=false, transferFunc=0x0, backdropColor=0xb307c664) at Gfx.cc:4557
#2 0x129b5b95 in Gfx::doSoftMask (this=0x2193a800, str=0xb307c748,
    alpha=false, blendingColorSpace=0x0, isolated=true, knockout=false,
    transferFunc=0x0, backdropColor=0xb307c664) at Gfx.cc:1299
#3 0x129b6f32 in Gfx::opSetExtGState (this=0x2193a800, args=0xb307c824,
    numArgs=1) at Gfx.cc:1143
#4 0x129a9ae6 in Gfx::execOp (this=0x2193a800, cmd=0xb307c9c4,
    args=0xb307c824, numArgs=1) at Gfx.cc:851
#5 0x129b03e8 in Gfx::go (this=0x2193a800, topLevel=false) at Gfx.cc:711
#6 0x129b08f7 in Gfx::display (this=0x2193a800, obj=0xb307cc44,
    topLevel=false) at Gfx.cc:678
#7 0x129b0cd7 in Gfx::doForm1 (this=0x2193a800, str=0xb307cc44,
    resDict=0x2192d788, matrix=0xb307cb38, bbox=0xb307cb68, transpGroup=true,
    softMask=false, blendingColorSpace=0x0, isolated=false, knockout=false,
    alpha=false, transferFunc=0x0, backdropColor=0x0) at Gfx.cc:4525
#8 0x129b1df0 in Gfx::doForm (this=0x2193a800, str=0xb307cc44) at Gfx.cc:4451
#9 0x129b4672 in Gfx::opXObject (this=0x2193a800, args=0xb307cd04, numArgs=1)

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: evince 2.32.0-0ubuntu10
ProcVersionSignature: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
Uname: Linux 2.6.38-1-generic i686
Architecture: i386
Date: Sun Feb 27 22:30:44 2011
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110202)
ProcCmdline: evince sample1.pdf
ProcCmdline_: BOOT_IMAGE=/boot/vmlinuz-2.6.38-1-generic root=UUID=685c390c-d932-48a1-82ae-2f0b27682162 ro quiet splash vt.handoff=7
ProcEnviron:
 SHELL=/bin/bash
 LC_MESSAGES=en_US.utf8
 LANG=en_US.UTF-8
 LANGUAGE=en_US:en
ProcVersionSignature_: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
SegvAnalysis:
 Segfault happened at: 0x83fb1e0 <CairoOutputDev::setSoftMask(GfxState*, double*, GBool, Function*, GfxColor*)+464>: mov (%eax),%ecx
 PC (0x083fb1e0) ok
 source "(%eax)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 CairoOutputDev::setSoftMask (this=0x228d4800, state=0x22986ff8, bbox=0xb31a45b8, alpha=false, transferFunc=0x0, backdropColor=0xb31a4664) at CairoOutputDev.cc:1258
 Gfx::doForm1 (this=0x22959b60, str=0xb31a4748, resDict=0x2295ad08, matrix=0xb31a4588, bbox=0xb31a45b8, transpGroup=true, softMask=true, blendingColorSpace=0x0, isolated=true, knockout=false, alpha=false, transferFunc=0x0, backdropColor=0xb31a4664) at Gfx.cc:4557
 Gfx::doSoftMask (this=0x22959b60, str=0xb31a4748, alpha=false, blendingColorSpace=0x0, isolated=true, knockout=false, transferFunc=0x0, backdropColor=0xb31a4664) at Gfx.cc:1299
 Gfx::opSetExtGState (this=0x22959b60, args=0xb31a4824, numArgs=1) at Gfx.cc:1143
 Gfx::execOp (this=0x22959b60, cmd=0xb31a49c4, args=0xb31a4824, numArgs=1) at Gfx.cc:851
Title: evince crashed with SIGSEGV in CairoOutputDev::setSoftMask()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors: (nautilus:1366): GConf-CRITICAL **: gconf_value_free: assertion `value != NULL' failed