Except that what the user ends up receiving is not a debug build, but a full release, and we can safely assume that at Valve there was no test case where someone would craft a malicious invite with rcon parameters.
This is why Zig maintains these checks in ReleaseSafe mode and gives you wrapping operators (+%=, etc) when that's what you want.
If you want these checks in "ReleaseSafe" mode of your Rust, you can choose to make such a build profile:
[profile.ReleaseSafe]
overflow-checks = true
And of course Rust has both Wrapping types and wrapping versions of each integer operation if you want those, although I think we can be confident that the sort of person who is shipping release builds with overflow checking isn't thinking far enough ahead to have decided what should actually happen when their variabes under/overflow so giving them the option is redundant.
Given that the problem here is they're Wrangling Untrusted File Formats and, unsurprisingly, they failed to do so Safely, they likely should have used WUFFS rather than Rust, or Zig, or any general purpose language.
This is why Zig maintains these checks in ReleaseSafe mode and gives you wrapping operators (+%=, etc) when that's what you want.