From 3ee158ea8f52495ab8dd18c62f2b019f6092eb71 Mon Sep 17 00:00:00 2001 From: JOE1994 Date: Tue, 19 Jan 2021 10:22:30 -0500 Subject: [PATCH] data race in lexer::ReaderResult --- crates/lexer/RUSTSEC-0000-0000.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 crates/lexer/RUSTSEC-0000-0000.md diff --git a/crates/lexer/RUSTSEC-0000-0000.md b/crates/lexer/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..a9fb7cc --- /dev/null +++ b/crates/lexer/RUSTSEC-0000-0000.md @@ -0,0 +1,21 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "lexer" +date = "2020-11-10" +url = "https://gitlab.com/nathanfaucett/rs-lexer/-/issues/2" +categories = ["memory-corruption"] + +[versions] +patched = [] +``` + +# ReaderResult should be bounded by Sync + +Affected versions of this crate implements `Sync` for `ReaderResult` with the trait bound `T: Send, E: Send`. + +Since matching on the public enum `ReaderResult` provides access to `&T` & `&E`, +allowing data race to a non-Sync type `T` or `E`. +This can result in a memory corruption when multiple threads concurrently access `&T` or `&E`. + +Suggested fix for the bug is change the trait bounds imposed on `T` & `E` to be `T: Sync, E: Sync`. \ No newline at end of file
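Review bot: The advisory heading in the new file, "ReaderResult should be bounded by Sync", does not match the body, which says the missing bound is on the type parameters (`T: Sync, E: Sync`) of the `Sync` impl rather than on `ReaderResult` itself. Suggest rewording the heading to something like "`ReaderResult<T, E>` implements `Sync` without requiring `T: Sync, E: Sync`", so that a reader scanning the title sees the actual defect. In the body, the paragraph starting "Since matching on the public enum `ReaderResult` provides access to `&T` & `&E`," is a fragment with no main clause. It could read "Matching on the public enum `ReaderResult` provides access to `&T` and `&E`, which allows a data race on a non-Sync type `T` or `E`." Smaller points: "Affected versions of this crate implements" should be "implement", "Suggested fix for the bug is change" should be "is to change", and the file ends without a trailing newline.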