From 93eb619cd35b8adcfe6c86e34ea45d2e8edd322b Mon Sep 17 00:00:00 2001
From: Fujii Masao <fujii@postgresql.org>
Date: Sat, 17 Dec 2016 02:20:59 +0900
Subject: [PATCH] Ensure that num_sync is greater than zero in
 synchronous_standby_names.

Previously num_sync could be set to zero and this setting caused
an assertion failure. This means that multiple synchronous standbys
code should assume that num_sync is greater than zero.
Also setting num_sync to zero is nonsense because it's basically
the configuration for synchronous replication. If users want not to
make transaction commits wait for any standbys,
synchronous_standby_names should be emptied to disable synchronous
replication instead of setting num_sync to zero.

This patch forbids users from setting num_sync to zero in
synchronous_standby_names. If zero is specified, an error will
happen during processing the parameter settings.

Back-patch to 9.6 where multiple synchronous standbys feature was added.

Patch by me. Reviewed by Tom Lane.
Discussion: <CAHGQGwHWB3izc6cXuFLh5kOcAbFXaRhhgwd-X5PeN9TEjxqXwg@mail.gmail.com>
---
 src/backend/replication/syncrep.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/backend/replication/syncrep.c b/src/backend/replication/syncrep.c
index ac29f567c3b..ce2009882d9 100644
--- a/src/backend/replication/syncrep.c
+++ b/src/backend/replication/syncrep.c
@@ -924,6 +924,13 @@ check_synchronous_standby_names(char **newval, void **extra, GucSource source)
 			return false;
 		}
 
+		if (syncrep_parse_result->num_sync <= 0)
+		{
+			GUC_check_errmsg("number of synchronous standbys (%d) must be greater than zero",
+							 syncrep_parse_result->num_sync);
+			return false;
+		}
+
 		/* GUC extra value must be malloc'd, not palloc'd */
 		pconf = (SyncRepConfigData *)
 			malloc(syncrep_parse_result->config_size);
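Review bot: The new `num_sync <= 0` rejection in check_synchronous_standby_names() comes with no test or documentation change. The diffstat lists only src/backend/replication/syncrep.c, so nothing exercises the new error path and nothing tells users that a zero count is now refused. Consider adding a regression case that sets synchronous_standby_names with a zero count and expects the "must be greater than zero" message. A sentence in the parameter's documentation could also say that emptying the setting, not a zero count, is how to disable synchronous replication, as the commit message explains. The placement itself looks right: the check returns before the malloc of pconf, so the early return leaves no allocation from this hunk to free. Since the condition also catches negative values, the "%d" in the message is useful and worth keeping.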
-- 
GitLab