Fix Size computation for allocation Integer overflow

[odaysec]

What is the problem this PR solves?

Performing calculations involving the size of potentially large strings or slices can result in an overflow (for signed integer types) or a wraparound (for unsigned types). An overflow causes the result of the calculation to become negative, while a wraparound results in a small (positive) number. This can cause further issues. If, for the result is then used in an allocation, it will cause a runtime panic if it is negative, and allocate an unexpectedly small buffer otherwise.

How to test this PR locally

#4525

Design Checklist

• I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
• I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
• I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool

Related issues

[cla-checker-service]

❌ Author of the following commits did not sign a Contributor Agreement:
ed4f413

Please, read and sign the above mentioned agreement if you want to contribute to this project

[mergify]

This pull request does not have a backport label. Could you fix it @odaysec? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[odaysec]

/cla

[cmacknz]

This is an internal method that only has 2 calls in this file, one that already explicitly handles a negative count the same way bytes.Buffer does in Go itself https://cs.opensource.google/go/go/+/refs/tags/go1.24.0:src/bytes/buffer.go;l=164-170

fleet-server/internal/pkg/danger/buf.go

Lines 41 to 48 in ba68a24

	func (b *Buf) Grow(n int) {
	if n < 0 {
	panic("danger.Buf.Grow: negative count")
	}
	if cap(b.buf)-len(b.buf) < n {
	b.grow(n)
	}
	}

And another that uses an explicitly non-negative constant:

fleet-server/internal/pkg/danger/buf.go

Lines 66 to 74 in ba68a24

	func (b *Buf) WriteRune(r rune) (int, error) {
	if r < utf8.RuneSelf {
	b.buf = append(b.buf, byte(r))
	return 1, nil
	}
	l := len(b.buf)
	if cap(b.buf)-l < utf8.UTFMax {
	b.grow(utf8.UTFMax)
	}

This change seems unnecessary.

[cmacknz]

Closing, no functional change from current behavior. Re-open if I am missing something.