No they're not the same thing. While by default the cin buffer is tied to the stdin buffer the two buffers can be separated into totally distinct entities. By the way both cin and stdin are considered "input streams". The cin stream supports the C++ file console input stream and stdin supports C FILE console input stream (a file in C).
So will my code down below ensure that the user can't place more than 4 characters in any buffer or will something be buffered? Like I said earlier, I want to ensure that neither the cin buffer nor the stdin buffer can be filled with more than 4 characters. If a user was malicious, they could potentially insert so many characters that the buffer would overflow and I want to be able to prevent that.
string getGuess()
{
string guess = "";
constint MAX_LENGTH = 4;
/*ensures that "guess" is the same length as answer. This
will make it so that the program avoids comparing "guess"
to "answer" if "guess" has more characters than "answer".
"Guess" having more characters than "answer"
would make it so that the program would be trying
to access a larger index in "answer" that doesn't exist.
This do-while loop also ensures that a user can't overflow
the cin buffer by theoretically inputting more characters
than the buffer could contain*/
do {
cout << "Enter a word containing exactly " << MAX_LENGTH << " characters: ";
cin >> setw( MAX_LENGTH ) >> guess;
cin.ignore(numeric_limits<streamsize>::max(), '\n');
cout << "guess: " << guess << endl;
} while ( guess.size() != MAX_LENGTH );
cout << endl;
return guess;
}
If a user was malicious, they could potentially insert so many characters that the buffer would overflow and I want to be able to prevent that.
In C++ it is not possible to overflow the input buffer it will only take so many characters and then it will stop accepting characters.
It is possible to overflow the size of a C-string when parsing the input buffer but that is another issue altogether.
The setw() function will limit the number of characters that will be accepted into your variable, but there may still be characters left in the input buffer. Those characters will be available for the next input operation unless you somehow remove them (like you are with the ignore() statement).