Summary is self explanatory. Attached is a minimal example reproducing the crash.

Update: I built Qt from gitorious (4.7 branch) in debug mode to get a detailed backtrace.

Program received signal SIGSEGV, Segmentation fault.
0xb7669e9c in QDataBuffer<QPointF>::add (this=0xbfffd528, t=...) at ../../include/QtGui/private/../../../src/gui/painting/qdatabuffer_p.h:95
95 buffer[siz] = t;
(gdb) bt
#0 0xb7669e9c in QDataBuffer<QPointF>::add (this=0xbfffd528, t=...) at ../../include/QtGui/private/../../../src/gui/painting/qdatabuffer_p.h:95
#1 0xb7669e44 in QDataBuffer<QPointF>::operator<< (this=0xbfffd528, t=...) at ../../include/QtGui/private/../../../src/gui/painting/qdatabuffer_p.h:135
#2 0xb76a23f6 in QPathSegments::addPath (this=0xbfffd528, path=...) at painting/qpathclipper.cpp:946
#3 0xb76a2261 in QPathSegments::setPath (this=0xbfffd528, path=...) at painting/qpathclipper.cpp:924
#4 0xb76a1f11 in QWingedEdge::QWingedEdge (this=0xbfffd50c, subject=..., clip=...) at painting/qpathclipper.cpp:875
#5 0xb76a5161 in QPathClipper::clip (this=0xbfffd5e8, operation=QPathClipper::Simplify) at painting/qpathclipper.cpp:1652
#6 0xb769b40d in QPainterPath::simplified (this=0xbfffd710) at painting/qpainterpath.cpp:3243
#7 0xb76a5084 in QPathClipper::clip (this=0xbfffd70c, operation=QPathClipper::BoolSub) at painting/qpathclipper.cpp:1629
#8 0xb769b311 in QPainterPath::subtracted (this=0xbfffd860, p=...) at painting/qpainterpath.cpp:3213
#9 0xb7698e68 in QPainterPath::operator- (this=0xbfffd860, other=...) at painting/qpainterpath.cpp:2249
#10 0xb7698ffe in QPainterPath::operator-= (this=0xbfffd860, other=...) at painting/qpainterpath.cpp:2299
#11 0xb77bc300 in QTextLayout::draw (this=0x8140c00, p=0xbfffdd54, pos=..., selections=..., clip=...) at text/qtextlayout.cpp:1276
--Type <return> to continue, or q <return> to quit--q
Quit
(gdb) p siz
$1 = 0
(gdb) p buffer
$2 = (QPointF *) 0x0
(gdb)