by who-shot-jr 769 days ago
Could you use this to make sure users uploading files to your website are correct (i.e. only JPEGs and valid image data)? But in a fast and safe way, or is this overkill?
2 comments

Not sure that's possible. I'm pretty sure it is not safe to assume "parses in wuffs" -> "is safe in any other decoder". I'm using wuffs to check user upload (see my recent response in another thread) but I still generate out linear RGBA and work with that. I still consider the original JPEG data hostile.

Yes, you could. But be careful to make sure that there's no more data left after the decoder finishes, because it's possible to append a ZIP file (or aCropalypse) at the end of any other valid image file data, and decoders usually stop at the end of the image and don't parse past its end, so won't complain about extra data.
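The trailing-data check described in the last comment, as an added example that is not part of the thread and not Wuffs code: a Python walker over JPEG marker structure that finds where the stream ends and counts what follows. The function names and the sample bytes are constructed for illustration, and the walker only locates the end of the stream; it does not decode or validate pixel data.

```python
import struct

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past EOI, found by walking marker structure (no pixel decode)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while True:
        if pos >= len(data) or data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated inside marker")
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:                              # EOI: stream ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:    # TEM / RSTn carry no length
            continue
        if marker in (0x00, 0xD8) or pos + 2 > len(data):
            raise ValueError(f"bad or truncated marker 0x{marker:02x}")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("segment length runs past end of file")
        pos += length                                   # payload is skipped, not searched
        if marker == 0xDA:                              # SOS: entropy-coded data follows
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("scan data is truncated")
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos += 2                            # stuffed 0xFF or restart marker
                elif nxt == 0xFF:
                    pos += 1                            # fill byte
                else:
                    break                               # real marker, parsed by outer loop

def trailing_bytes(data: bytes) -> int:
    """Number of bytes after EOI; an upload check would reject anything but 0."""
    return len(data) - jpeg_end_offset(data)

# Constructed sample: structurally valid marker stream, not a decodable picture.
SAMPLE = (b"\xff\xd8"                        # SOI
          b"\xff\xe0\x00\x04\xff\xd9"        # APP0 whose payload imitates EOI
          b"\xff\xda\x00\x03\x00"            # SOS header
          b"\x12\xff\x00\x34\xff\xd0\x56"    # scan data: stuffed byte and RST0
          b"\xff\xd9")                       # EOI
APPENDED = SAMPLE + b"PK\x03\x04constructed"  # constructed ZIP-like tail
```

Some camera formats (multi-picture files, for example) legitimately store data after the first EOI, so a strict zero-trailing-bytes policy will reject them. Re-encoding from the decoded pixels, as the first comment does, discards any tail regardless.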