GNOME Bugzilla – Bug 407968
evolution crashed with SIGSEGV in html_object_get_left_margin()
Last modified: 2007-11-05 11:52:30 UTC
That bug has been opened on https://launchpad.net/bugs/85159

"Binary package hint: evolution

It just started to crash after recent update. Still working on it.
...
Package: evolution 2.9.91-0ubuntu1
..."

Debug backtrace for the crash:
+ Trace 110754
from gdb on the frame 1:

(gdb) p *self
$1 = {klass = 0x86cffd8, parent = 0x0, prev = 0x0, next = 0x19, change = HTML_CHANGE_MIN_WIDTH, x = -1219864832, y = 141870128, ascent = 0, descent = -1219724656, min_width = 17, width = 1, pref_width = 139567824, max_width = 7299693, percent = 41, flags = 97 'a', redraw_pending = 0, selected = 0, free_pending = 1, draw_focused = 0, object_data = 0x656d6863, object_data_nocp = 0x302e746e, id = 0x33323878 <Address 0x33323878 out of bounds>}

I've asked if the submitter can get a valgrind log
I've just now seen this too. I was just viewing the next email. I have evo 2.9.92 and gtkhtml 2.13.92. Backtrace:
+ Trace 114920
Note:

(gdb) p *self
$2 = {klass = 0x6, parent = 0x31, prev = 0x3ea0010, next = 0x3ea0010, change = 65667088, x = 0, y = 51, ascent = 0, descent = 65665072, min_width = 0, width = 71377456, pref_width = 0, max_width = 71377456, percent = 0, flags = 52 '4', redraw_pending = 0, selected = 0, free_pending = 0, draw_focused = 0, object_data = 0xa4d6d0, object_data_nocp = 0xa4d6d0, id = 0xa4d6d0 "f�\001"}

self->klass is corrupted, so the dereference to get the function pointer from it fails. I have a core file I can look at if that's helpful.
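A triage sketch for the two `p *self` dumps above, added here as an example and not part of the original thread or of gtkhtml: it flags pointer fields that cannot be valid addresses and decodes the ones whose bytes are printable ASCII, which usually means the object's memory was overwritten or reused for string data. The function names, the 32-bit little-endian layout for the first dump, and the `min_addr` threshold are assumptions.

```python
import re

# Constructed sample: pointer fields copied from the first `p *self` dump
# in this report (32-bit little-endian process assumed).
SAMPLE = ("klass = 0x86cffd8, parent = 0x0, next = 0x19, "
          "object_data = 0x656d6863, object_data_nocp = 0x302e746e, "
          "id = 0x33323878")

# gdb prints pointer-typed members as "name = 0x...".
FIELD_RE = re.compile(r"(\w+) = (0x[0-9a-fA-F]+)")


def as_ascii(value, width=4):
    """Return value's little-endian bytes as text if all are printable ASCII."""
    if value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(dump, width=4, min_addr=0x1000):
    """Flag hex fields of a gdb struct dump that cannot be valid pointers.

    Returns (field, kind, detail) tuples: kind "ascii" when the pointer
    bytes read as text, "small" for non-NULL values below min_addr
    (an assumed lower bound for mapped memory).
    """
    findings = []
    for name, text in FIELD_RE.findall(dump):
        value = int(text, 16)
        decoded = as_ascii(value, width)
        if decoded is not None:
            findings.append((name, "ascii", decoded))
        elif 0 < value < min_addr:
            findings.append((name, "small", text))
    return findings


def overwritten_text(findings):
    """Join the ASCII-looking fields in struct order to recover the text."""
    return "".join(d for _, kind, d in findings if kind == "ascii")


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print("text in pointer slots:", overwritten_text(triage(SAMPLE)))
```

For the second dump, which has 64-bit values, call `triage(dump, width=8)`; there `klass = 0x6` and `parent = 0x31` are reported as too small to be addresses.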
*** Bug 416630 has been marked as a duplicate of this bug. ***
*** Bug 421901 has been marked as a duplicate of this bug. ***
*** Bug 425618 has been marked as a duplicate of this bug. ***
*** Bug 433933 has been marked as a duplicate of this bug. ***
*** Bug 434435 has been marked as a duplicate of this bug. ***
*** Bug 439518 has been marked as a duplicate of this bug. ***
*** Bug 439896 has been marked as a duplicate of this bug. ***
*** Bug 448157 has been marked as a duplicate of this bug. ***
*** Bug 448158 has been marked as a duplicate of this bug. ***
*** Bug 452784 has been marked as a duplicate of this bug. ***
still in 3.15.5
Here's a me too.

gtkhtml version 3.14.1
e-d-s version 1.10.1
evo version 2.10.1

I was just deleting junk by hitting del key repeatedly and quickly, so lots of (mostly HTML) mail went through the gtkhtml control at high speed

Distribution: Gentoo Base System release 2.0.0_alpha3
Gnome Release: 2.18.2 2007-06-27 (Gentoo)
BugBuddy Version: 2.18.1

System: Linux 2.6.22-gentoo #1 PREEMPT Mon Jul 9 22:37:39 EEST 2007 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10300000
Selinux: No
Accessibility: Enabled
GTK+ Theme: Clearlooks
Icon Theme: gnome

Memory status: size: 291512320 vsize: 291512320 resident: 203657216 share: 49901568 rss: 203657216 rss_rlim: 4294967295
CPU usage: start_time: 1184095212 rtime: 56653 utime: 50047 stime: 6606 cutime:164 cstime: 147 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution-2.10'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1234389280 (LWP 9079)]
[New Thread -1309598832 (LWP 9095)]
[New Thread -1309332592 (LWP 9093)]
[New Thread -1300939888 (LWP 9091)]
[New Thread -1270678640 (LWP 9090)]
[New Thread -1279071344 (LWP 9088)]
[New Thread -1253500016 (LWP 9084)]
0xb7ef1410 in __kernel_vsyscall ()
+ Trace 147103
Thread 1 (Thread -1234389280 (LWP 9079))
----------- .xsession-errors ---------------------
alarm-queue.c:233 (add_client_alarms_cb) - Adding (nil)
alarm-queue.c:560 (load_alarms_for_today) - From Wed Jul 11 00:00:00 2007 to Wed Jul 11 00:00:00 2007
alarm-queue.c:497 (load_alevolution-alarm-notify-Message: alarm.c:235: Requested removal of nonexistent alarm!
(evolution-2.10:9079): e-data-server-WARNING **: Could not open converter for 'unicode-1-1-utf-7' to 'UTF-8' charset
(evolution-2.10:9079): e-data-server-WARNING **: Could not open converter for '%CHARSET' to 'UTF-8' charset
GTK Accessibility Module initialized
Bonobo accessibility support initialized
GTK Accessibility Module initialized
Bonobo accessibility support initialized
Cannot access memory at address 0x0
Cannot access memory at address 0x0
--------------------------------------------------
Could this be a dup of bug 426496 which is fixed?
(In reply to comment #14)
> Could this be a dup of bug 426496 which is fixed?

My case of the stacktrace seems to be :) After applying the patch from bug 426496 in Gentoo (also in official testing version), I've been unable to reproduce the crash to date with my method (browsing through HTML junk mail). Assuming the original reporter's stacktrace is identical but less detailed, then I'd say a dup.
duplicate. *** This bug has been marked as a duplicate of 426496 ***