I was reading a UNIX book and in some sample code, I saw the comma operator used in a 'while' statement, like this:

while (gets(s), !feof(stdin))
{
if ((num = write(fd, s, strlen(s))) == -1)
<do something>
else
<do something else>
}

I googled for examples, but could only find examples with the 'for' statement, which I already knew about. In the Kernighan and Ritchie C book, it says that things are evaluated left to right, and the value of the left one is discarded. Maybe someone could clear up for me why this kind of expression in a 'while' statement would be useful.

Hi,

Personally I never use it but from what I remember comma operator let's you evaluate more than one expression and return the value of the rightmost. Therefore in your case both - fgets and feof will be evaluated and the return value of feof will be passed as a parameter to while.

Chris

In the example that you gave what goes on is that the file is read and the value is placed into the variable 's'. The variable 's' can now be used within the body of the loop. However, if this is the end of file character you don't want to process it hence the second check in the while loop.

The example code given highlights the use of the comma operator but since there can be two error conditions from gets(), one checked by feof() (end of file) and the other checked by ferror() (file error) you should be wary of using this code as is.

hai

comma operator can also be used in while loop statement.
in the case above, the while loop iterates only if both the expressions evaluate to non zero value. That means, it will behave like "&&" operator. Using comma is a terminology used by some people. but it will effect the ease of understanding the code to naive persons some times. So even comma operator is allowed, better to avoid its usage.

regards

I appreciate the input, folks. I was reading through some documentation from a website and found that bit of code among the author's samples. I hadn't seen a condition like that before in a 'while' loop and thought I'd come here and get a few opinions. I seriously doubt I'll use it myself.

Using commas is more common within for loops:

The example values are not very meaningful, but it shows the concept.

GWN

This is completely wrong. The comma operator will execute both statements unconditionally (in left-to-right order), and only the last statement will be checked for truth.

Note that this is different from using a comma as the argument separator in a function call. In that scenario, the order of evaluation of the parameters is unspecified, but in this case, the operator creates a sequence point so it is always left-to-right.

it's generally only used as marquardl said.
it's not really an ultra useful thing.

it's (i think) simply a language construct to put multiple expressions into a place that expects one.
so you can do for(i=2,j=3



Comma operator[125]==

expression:
assignment_expression /
expression ',' assignment_expression

I'm concerned that the UNIX book is actually using gets. If it doesn't tell you how dangerous that is, you need to read a newer book.

In my opinion, fgets itself - like many other C functions is not dangerous at all. The danger is between chair and the keyboard The function works as described in the manual... However I agree that authors of popular programming books should be more concerned about security aspects of C programming. Know your tools I'd say. The beauty of C programming is that it gives you a freedom of screwing everything up as well as building a cool and efficient applications.

Chris

The issue was with gets(), for which there are around zero ways to use “correctly” (the only safe scenario is if you have special knowledge or control over the program writing to stdin). The gets() function has even been officially “discouraged” by the POSIX standard, which renders any UNIX programming book encouraging its use outdated.

I've worked with C for a few years, though never had reason to use 'gets', mainly 'fgets' since the reading I did was normally from files. Out of curiosity, what's been the main problem with 'gets'?

fgets/gets functions don't stop reading even if they catch \0 character. They were made sensitive to the \n and EOF. Now think about what could happen to your strings if you have some unintended NULL characters in the lines you're reading from the file... Of course, if you know what your doing and \0s are purposely put there and your program can deal with them - then no problem.

gets() will read an unlimited amount of data into a limited amount of memory, so you will have an overflow if the amount read exceeds the amount anticipated. This possible security breach happens whenever you have stdin connected to a terminal or an untrusted program. The prototype of fgets(), however, forces you to specify a limit on the amount of input.

osor is definitely right. That's the main danger of using gets. However there are more commonly used functions that don't check if the data fits in the buffer - like sprintf() or strcat(). That's why it's always safer to use their "counting" equivalents like snprintf and strncat. It these cases though the data is not coming directly form the potentially dangerous source like stream in the gets case and could be already processed. But, you never know ... Or you better know where the data is coming from