Cfish
off-by-one in tbprobe.c
./cfish bench 16 1 15 default depth nnue > /dev/null
=================================================================
==12099==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55f3d13e3b60 at pc 0x55f3d13143cc bp 0x7ffc916dac00 sp 0x7ffc916dabf0
READ of size 8 at 0x55f3d13e3b60 thread T0
#0 0x55f3d13143cb in init_indices /home/me/chess/Cfish/src/tbprobe.c:685
#1 0x55f3d13143cb in TB_init /home/me/chess/Cfish/src/tbprobe.c:338
#2 0x55f3d132a4e0 in on_tb_path /home/me/chess/Cfish/src/ucioption.c:71
#3 0x55f3d1329dd6 in options_init /home/me/chess/Cfish/src/ucioption.c:192
#4 0x55f3d12b8dfa in main /home/me/chess/Cfish/src/main.c:46
#5 0x7f481d6007fc in __libc_start_main (/lib64/libc.so.6+0x237fc)
#6 0x55f3d12b93a9 in _start (/home/me/chess/Cfish/src/cfish+0x293a9)
0x55f3d13e3b60 is located 32 bytes to the left of global variable 'Binomial' defined in 'tbprobe.c:671:15' (0x55f3d13e3b80) of size 3584
0x55f3d13e3b60 is located 0 bytes to the right of global variable 'PawnIdx' defined in 'tbprobe.c:672:15' (0x55f3d13e3260) of size 2304
SUMMARY: AddressSanitizer: global-buffer-overflow /home/me/chess/Cfish/src/tbprobe.c:685 in init_indices
Shadow bytes around the buggy address:
[...]
This is an off-by-one in the outer loop index. Row 0 is already filled with ones by the loop just before it, but the Pascal's-rule loop also started at i = 0, so its first iteration read Binomial[i - 1][j - 1] with i - 1 == -1, i.e. one row (64 entries, 512 bytes) before the start of Binomial. In this build that region is the tail of the neighbouring PawnIdx array, which is still all zeros when init_indices runs (it is filled in the loop that follows), so in practice the loop adds zeros, Binomial[0][j] keeps its value of 1 and nothing visibly breaks. ASan only trips once j - 1 reaches 60 and the read crosses from PawnIdx into the 32-byte redzone in front of Binomial, which is why the report says 32 bytes to the left of Binomial rather than a full row. The fix is the patch below, which starts the loop at i = 1.
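The following is an added example, not Cfish's code. It rebuilds the Binomial table the way the patched loop does, checks every entry against an independent Bin(n, k), and shows, without performing the out-of-bounds read, which row index the unpatched loop takes outside the array and why ASan flags an address 32 bytes (not 512) before Binomial. The element type and dimensions uint64_t[7][64] are an assumption chosen to match the 3584-byte size in the report; the 32-byte gap is the PawnIdx-to-Binomial distance the report shows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, chosen to match the ASan report above:
 * 3584 bytes = 7 rows of 64 eight-byte entries. */
#define ROWS 7
#define COLS 64
static uint64_t Binomial[ROWS][COLS];

/* Patched construction: row 0 is all ones, rows 1..6 follow Pascal's rule.
 * Binomial[i][0] for i >= 1 is never written and stays 0 (static storage),
 * which is the correct value of Bin(0, i). */
void init_binomial(void)
{
    for (int j = 0; j < COLS; j++)
        Binomial[0][j] = 1;
    for (int i = 1; i < ROWS; i++)
        for (int j = 1; j < COLS; j++)
            Binomial[i][j] = Binomial[i - 1][j - 1] + Binomial[i][j - 1];
}

/* Independent reference Bin(n, k) via the multiplicative formula. Each
 * partial product is itself a binomial coefficient, so every division is
 * exact, and for n < 64, k < 7 the values fit easily in 64 bits. */
uint64_t bin_ref(int n, int k)
{
    if (k > n)
        return 0;
    uint64_t r = 1;
    for (int t = 1; t <= k; t++)
        r = r * (uint64_t)(n - k + t) / (uint64_t)t;
    return r;
}

/* 1 if every table entry equals the reference Bin(j, i), else 0. */
int binomial_table_ok(void)
{
    for (int i = 0; i < ROWS; i++)
        for (int j = 0; j < COLS; j++)
            if (Binomial[i][j] != bin_ref(j, i))
                return 0;
    return 1;
}

/* Same loop bounds as init_indices, parameterised on the first row index,
 * but it only range-checks the row it would read (i - 1) instead of
 * dereferencing it. Returns 1 when every read stays inside the table. */
int row_reads_in_bounds(int start_i)
{
    for (int i = start_i; i < ROWS; i++)
        if (i - 1 < 0 || i - 1 >= ROWS)
            return 0;
    return 1;
}

/* Byte offset of &Binomial[i][j] from &Binomial[0][0]; negative means the
 * address lies before the array. i = -1 is what the unpatched loop reads. */
long entry_offset_bytes(int i, int j)
{
    return ((long)i * COLS + j) * (long)sizeof(uint64_t);
}

/* gap_bytes is the distance from the end of the preceding global to the
 * start of Binomial (32 in the report above). Returns the first j at which
 * the unpatched i = 0 iteration reads Binomial[-1][j - 1] past the
 * neighbour and into that gap, i.e. the access ASan flags; smaller j
 * silently read the neighbouring array instead. Returns -1 if none. */
int first_flagged_j(long gap_bytes)
{
    for (int j = 1; j < COLS; j++)
        if (entry_offset_bytes(-1, j - 1) >= -gap_bytes)
            return j;
    return -1;
}

int main(void)
{
    init_binomial();
    printf("table matches reference: %s\n", binomial_table_ok() ? "yes" : "no");
    printf("unpatched loop (i from 0) in bounds: %d\n", row_reads_in_bounds(0));
    printf("patched loop   (i from 1) in bounds: %d\n", row_reads_in_bounds(1));
    int j = first_flagged_j(32);
    printf("first read in the 32-byte gap: j = %d, offset %ld bytes\n",
           j, entry_offset_bytes(-1, j - 1));
    return 0;
}
```

With the 32-byte gap from the report, the first flagged read is Binomial[-1][60] at offset -32, reached at j = 61; the 60 reads before it land inside PawnIdx and are not redzoned, which is why a sanitizer is needed to see this at all.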
diff --git a/src/tbprobe.c b/src/tbprobe.c
index 260a255..7625c86 100644
--- a/src/tbprobe.c
+++ b/src/tbprobe.c
@@ -680,9 +680,11 @@ static void init_indices(void)
// Binomial[k][n] = Bin(n, k)
for (j = 0; j < 64; j++)
Binomial[0][j] = 1;
- for (i = 0; i < 7; i++)
- for (j = 1; j < 64; j++)
+ for (i = 1; i < 7; i++) {
+ for (j = 1; j < 64; j++) {
Binomial[i][j] = Binomial[i - 1][j - 1] + Binomial[i][j - 1];
+ }
+ }
for (i = 0; i < 6; i++) {
size_t s = 0;
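Review bot: the added braces around the two nested loops are noise in this hunk; the actual fix is the single change from `for (i = 0; i < 7; i++)` to `for (i = 1; i < 7; i++)`, and the `for (j = 0; j < 64; j++) Binomial[0][j] = 1;` loop just above keeps the file's unbraced single-statement style. Suggest dropping the braces so the one-line fix stands out (or bracing all three loops consistently), and adding a one-line comment that Binomial[i][0] for i >= 1 is intentionally left at its zero-initialised global value because Bin(0, i) = 0, since the inner loop still starts at j = 1 and a reader will otherwise wonder whether that column is uninitialised.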