diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9afe167d..7fe6185b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -510,4 +510,7 @@ if (BUILD_MISC_TESTS)
 add_executable(save-generator
 other/fun/save-generator.c)
 target_link_modules(save-generator toxcore misc_tools)
+ add_executable(afl_toxsave
+ testing/afl_toxsave.c)
+ target_link_modules(afl_toxsave toxcore)
 endif()
diff --git a/testing/BUILD.bazel b/testing/BUILD.bazel
index 0db8afa1..34f2d44c 100644
--- a/testing/BUILD.bazel
+++ b/testing/BUILD.bazel
@@ -35,3 +35,11 @@ cc_binary(
 "//c-toxcore/toxcore",
 ],
 )
+
+cc_binary(
+ name = "afl_toxsave",
+ srcs = ["afl_toxsave.c"],
+ deps = [
+ "//c-toxcore/toxcore",
+ ],
+)
diff --git a/testing/afl_testdata/tox_saves/david.tox b/testing/afl_testdata/tox_saves/david.tox
new file mode 100644
index 00000000..391cb6a3
Binary files /dev/null and b/testing/afl_testdata/tox_saves/david.tox differ
diff --git a/testing/afl_toxsave.c b/testing/afl_toxsave.c
new file mode 100644
index 00000000..ddfa569f
--- /dev/null
+++ b/testing/afl_toxsave.c
@@ -0,0 +1,54 @@
+#include
+#include
+
+#include "../toxcore/tox.h"
+
+int main(int argc, char **argv)
+{
+ if (argc != 2) {
+ return -1;
+ }
+
+ // determine file size
+ FILE *fileptr = fopen(argv[1], "rb");
+ fseek(fileptr, 0, SEEK_END);
+ long filelen = ftell(fileptr);
+ rewind(fileptr);
+
+ // read file into buffer
+ uint8_t *buffer = (uint8_t *)malloc(filelen * sizeof(uint8_t));
+ size_t bytes_read = fread(buffer, filelen, 1, fileptr);
+
+ if (bytes_read != filelen) {
+ free(buffer);
+ return -1;
+ }
+
+ fclose(fileptr);
+
+ Tox_Err_Options_New error_options;
+
+ struct Tox_Options *tox_options = tox_options_new(&error_options);
+
+ if (error_options != TOX_ERR_OPTIONS_NEW_OK) {
+ free(buffer);
+ return -1;
+ }
+
+ // pass test data to Tox
+ tox_options_set_savedata_data(tox_options, buffer, filelen);
+ tox_options_set_savedata_type(tox_options, TOX_SAVEDATA_TYPE_TOX_SAVE);
+
+ Tox_Err_New error_new;
+ Tox *tox = tox_new(tox_options, &error_new);
+
+ if (!tox || error_new != TOX_ERR_NEW_OK) {
+ free(buffer);
+ return -1;
+ }
+
+ tox_kill(tox);
+ free(buffer);
+
+ return 0;
+}
diff --git a/testing/run_afl.sh b/testing/run_afl.sh
new file mode 100755
index 00000000..c7a3bbc6
--- /dev/null
+++ b/testing/run_afl.sh
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+# move to repo root
+cd ../
+rm -R _afl_build
+mkdir _afl_build
+cd _afl_build
+
+# build c-toxcore using afl instrumentation
+cmake -DCMAKE_C_COMPILER=afl-clang -DBUILD_MISC_TESTS=ON ..
+make
+
+# start fuzzing
+afl-fuzz -i ../testing/afl_testdata/tox_saves/ -o afl_out/ ./afl_toxsave @@
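Review bot: In testing/afl_toxsave.c, `fread(buffer, filelen, 1, fileptr)` returns an item count (0 or 1), so `bytes_read != filelen` is true for every input that is not exactly one byte long and main returns before `tox_new` ever receives the savedata. The fuzzer would then count executions without exercising the save parser at all; passing an element size of 1 and a count of `filelen` makes the return value a byte count. The same block uses the `fopen` result unchecked, hands a possibly negative `ftell` value to `malloc`, and never checks the allocation, so a fault in the harness itself could be triaged as a toxcore crash. Separately, `tox_options` is never released; a `tox_options_free(tox_options);` after `tox_new` (and on its failure path) would keep leak checkers from flagging the harness. A rewrite of the file-reading part is sketched below; it also rejects empty files, which is a judgement call.

```c
    FILE *fileptr = fopen(argv[1], "rb");

    if (fileptr == NULL) {
        return -1;
    }

    // determine file size; -1 marks a failed seek or tell
    long filelen = -1;

    if (fseek(fileptr, 0, SEEK_END) == 0) {
        filelen = ftell(fileptr);
    }

    if (filelen <= 0) {
        fclose(fileptr);
        return -1;
    }

    rewind(fileptr);

    uint8_t *buffer = (uint8_t *)malloc((size_t)filelen);

    if (buffer == NULL) {
        fclose(fileptr);
        return -1;
    }

    // element size 1, so the return value is the number of bytes read
    size_t bytes_read = fread(buffer, 1, (size_t)filelen, fileptr);
    fclose(fileptr);

    if (bytes_read != (size_t)filelen) {
        free(buffer);
        return -1;
    }

    // … unchanged: options setup, tox_new, tox_kill …
```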