On Red Flag DC Server 5.0 Linux, we hit a bug in the Sun JDK 5.0
Update 4 causing failure of the JCK 15a test:
api/java_awt/GraphicsEnvironment/index.html#GetAFFamilyNames.
 
The problem was tracked down to be a bug in the method
sun.font.TrueTypeFont.lookupName() that only is triggered for certain
TrueType font files, in this case a font file from the RPM package
ttfonts-zh_TW-5.0-2AX.noarch.rpm.

The actual bug is that the offset in the 'name' table is an unsigned
16-bit type that is stored in a 'short' which is a signed 16-bit type.
In this case the offset of the searched for table entry is larger than
32767 which causes a negative value to be stored in the 'short' and sent
to ShortBuffer.position() that throws an IllegalArgumentException.

The following short program triggers the bug on all platforms, both
Windows and Linux:

-----<------
import java.awt.Font;
import java.io.File;
import java.util.Locale;
import sun.font.Font2D;
import sun.font.FontManager;
import sun.font.TrueTypeFont;

public class BugRepro {
    public static void main(String[] args) throws Exception {
	File fontFile = new File(args[0]);
	TrueTypeFont ttf = (TrueTypeFont)
FontManager.createFont2D(fontFile, 
Font.TRUETYPE_FONT, false);
	ttf.getFamilyName(Locale.CHINA);
    }
}
-----<-----
using any of the .ttf-files in ttfonts-zh_TW-5.0-2AX.noarch.rpm as
input, e.g.
/usr/share/fonts/zh_TW/TrueType/bsmi00lp.ttf.
Posted Date : 2005-11-11 14:19:33.0

N/A

As per description - use ints to store unsigned short values for 
TrueType name table.
Posted Date : 2005-11-26 15:21:29.0

Reviewing the fix in Sun JDK 1.6.0-b63 source drop, in sun.font.TrueTypeFont, it seems that the method initNames() has been overlooked and is still vulnerable to the bug, even though lookupName() and initAllNames() are fixed.