Ensure that num_sync is greater than zero in synchronous_standby_names.

Previously num_sync could be set to zero and this setting caused
an assertion failure. This means that multiple synchronous standbys
code should assume that num_sync is greater than zero.
Also setting num_sync to zero is nonsense because it's basically
the configuration for synchronous replication. If users want not to
make transaction commits wait for any standbys,
synchronous_standby_names should be emptied to disable synchronous
replication instead of setting num_sync to zero.

This patch forbids users from setting num_sync to zero in
synchronous_standby_names. If zero is specified, an error will
happen during processing the parameter settings.

Back-patch to 9.6 where multiple synchronous standbys feature was added.

Patch by me. Reviewed by Tom Lane.
Discussion: <CAHGQGwHWB3izc6cXuFLh5kOcAbFXaRhhgwd-X5PeN9TEjxqXwg@mail.gmail.com>

diff --git a/src/backend/replication/syncrep.c b/src/backend/replication/syncrep.c
index ac29f567c3bf37c578a9179c352e5107627c32d3..ce2009882d9a61ee8f85593046995eab0e1e34f0 100644 (file)
--- a/src/backend/replication/syncrep.c
+++ b/src/backend/replication/syncrep.c
@@ -924,6 +924,13 @@ check_synchronous_standby_names(char **newval, void **extra, GucSource source)
                        return false;
                }
 
+               if (syncrep_parse_result->num_sync <= 0)
+               {
+                       GUC_check_errmsg("number of synchronous standbys (%d) must be greater than zero",
+                                                        syncrep_parse_result->num_sync);
+                       return false;
+               }
+
                /* GUC extra value must be malloc'd, not palloc'd */
                pconf = (SyncRepConfigData *)
                        malloc(syncrep_parse_result->config_size);