Skip to content

[ISSUE #10578] Fix master election maxOffset comparator overflow#10579

Open
Aias00 wants to merge 1 commit into
apache:developfrom
Aias00:fix/master-election-comparator
Open

[ISSUE #10578] Fix master election maxOffset comparator overflow#10579
Aias00 wants to merge 1 commit into
apache:developfrom
Aias00:fix/master-election-comparator

Conversation

@Aias00

@Aias00 Aias00 commented Jul 2, 2026

Copy link
Copy Markdown

What changed

Fix DefaultElectPolicy master-election ordering to avoid integer overflow when comparing broker maxOffset values.

The election comparator previously used subtraction and cast the long offset delta to int:

(int) (o2.getMaxOffset() - o1.getMaxOffset())

When two brokers have the same epoch and their maxOffset difference exceeds Integer.MAX_VALUE, the comparator can overflow and return the wrong ordering. That may cause the controller to elect a broker with a lower offset as master.

This PR replaces subtraction-based comparisons with Integer.compare and Long.compare, preserving the existing ordering rules:

  1. Higher epoch first
  2. Higher max offset first
  3. Lower election priority first

Fixes #10578

Why

Master election is a control-plane correctness path. A comparator overflow here can select a stale replica when broker offsets diverge by more than Integer.MAX_VALUE.

Tests

Added DefaultElectPolicyTest covering the overflow case:

  • two brokers with the same epoch
  • offset delta greater than Integer.MAX_VALUE
  • verifies the broker with the higher offset is elected

Verified locally:

mvn -q -pl controller -DskipTests=false -Dtest=DefaultElectPolicyTest -Djacoco.skip=true test
mvn -q -pl controller -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true
mvn -q -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true

Notes

checkstyle:check was not used as a gating signal because the controller module currently reports existing unrelated checkstyle violations. The targeted test and compile checks pass.

DefaultElectPolicy sorted broker candidates by subtracting maxOffset values and casting the long delta to int. Large offset gaps can overflow the comparator result and rank a lower-offset broker first. This replaces subtraction with safe comparator helpers and adds a focused overflow regression test.

Constraint: Preserve existing election order: higher epoch, higher maxOffset, lower electionPriority

Rejected: Keep subtraction comparator | unsafe for long offset deltas greater than Integer.MAX_VALUE

Confidence: high

Scope-risk: narrow

Tested: mvn -q -pl controller -DskipTests=false -Dtest=DefaultElectPolicyTest -Djacoco.skip=true test

Tested: mvn -q -pl controller -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true

Tested: mvn -q -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true

Not-tested: Full controller suite on local JDK due existing JaCoCo/Hessian module-access failures

Related: apache#10578
Copilot AI review requested due to automatic review settings July 2, 2026 13:39

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a correctness bug in the controller master-election ordering by replacing overflow-prone subtraction/casting in DefaultElectPolicy’s comparator with safe Integer.compare / Long.compare comparisons, and adds a focused regression test for the overflow scenario described in #10578.

Changes:

  • Replace subtraction-based epoch/maxOffset/priority comparisons in the election comparator with Integer.compare/Long.compare to prevent overflow and preserve intended ordering.
  • Add DefaultElectPolicyTest to cover the case where maxOffset deltas exceed Integer.MAX_VALUE and ensure the higher-offset broker is elected.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
controller/src/main/java/org/apache/rocketmq/controller/elect/impl/DefaultElectPolicy.java Updates the broker ordering comparator to avoid overflow and keep deterministic ordering rules (epoch desc, offset desc, priority asc).
controller/src/test/java/org/apache/rocketmq/controller/elect/impl/DefaultElectPolicyTest.java Adds a regression test ensuring election prefers the higher maxOffset when the offset difference exceeds Integer.MAX_VALUE.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.14%. Comparing base (8242c1e) to head (cc9c594).

Additional details and impacted files
@@              Coverage Diff              @@
##             develop   #10579      +/-   ##
=============================================
- Coverage      48.26%   48.14%   -0.12%     
+ Complexity     13433    13400      -33     
=============================================
  Files           1378     1378              
  Lines         100817   100820       +3     
  Branches       13040    13041       +1     
=============================================
- Hits           48660    48542     -118     
- Misses         46211    46310      +99     
- Partials        5946     5968      +22     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug] Master election may choose lower-offset broker due to maxOffset comparator overflow

3 participants