The analyzer detected a suspicious parenthesized expression consisting of several variables and values separated by commas, where the comma operators ',' do not appear to be used intentionally to shorten the code.
Consider the following example:
if (memcmp(a, b, c) < 0 && (x, y, z) < 0)
When writing the program, the author forgot to write the function name 'memcmp'. The code still compiles successfully, but it doesn't work as intended. In the right-hand operand of '&&', evaluating the two comma operators yields the value of variable 'z', and it is this variable alone that is compared with zero. So the code turns out to be equivalent to the following:
if (memcmp(a, b, c) < 0 && z < 0)
The correct code should be:
if (memcmp(a, b, c) < 0 && memcmp(x, y, z) < 0)
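The following added example (not code from the original page) puts the intended and the defective condition side by side and feeds them constructed buffers on which the two disagree; the parameter types and sample data are assumptions.

```c
#include <string.h>
#include <stdio.h>

/* Intended condition: both pairs of buffers are compared with memcmp. */
static int intended(const char *a, const char *b, size_t c,
                    const char *x, const char *y, size_t z)
{
    return memcmp(a, b, c) < 0 && memcmp(x, y, z) < 0;
}

/* Defective condition: the second 'memcmp' was lost, so '(x, y, z)' is a
 * comma expression. It evaluates x and y, discards their values, and yields
 * z, so the buffers x and y are never looked at. Because z is size_t,
 * 'z < 0' can never be true. GCC and Clang report the discarded operands
 * when -Wunused-value (enabled by -Wall) is on, which is an easy way to
 * catch this class of typo in a build. */
static int buggy(const char *a, const char *b, size_t c,
                 const char *x, const char *y, size_t z)
{
    return memcmp(a, b, c) < 0 && (x, y, z) < 0;
}

/* Constructed inputs: "abc" < "abd" for both pairs, so the intended check
 * is true while the defective one is false. Returns 1 when they differ. */
static int conditions_diverge(void)
{
    const char a[] = "abc", b[] = "abd";
    const char x[] = "abc", y[] = "abd";
    return intended(a, b, 3, x, y, 3) != buggy(a, b, 3, x, y, 3);
}

int main(void)
{
    printf("intended and buggy conditions %s\n",
           conditions_diverge() ? "differ" : "agree");
    return 0;
}
```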
Note. Sometimes the ',' operator is used deliberately to shorten code. That's why the analyzer doesn't always issue the warning about commas inside parentheses. For example, it treats the following code as correct:
if (((std::cin >> A), A) && .....)
We do not recommend writing complex expressions like this, because they make the code harder for your colleagues to read. But there is no apparent error here either: the developer simply wanted to combine reading a value and checking it in one expression.
Here's another similar example:
if (a) return (b = foo(), fooo(b), b);
According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-480.