diff --git a/.gitignore b/.gitignore
index 7cd3d0068a..252210e57c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -268,6 +268,7 @@ doc/
# Deployment artifacts
dist
*.exe
+*.dll
# BenchmarkDotNet artifacts
BenchmarkDotNet.Artifacts
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000000..652de0a45f
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1 @@
+Findings
diff --git a/fuzz/Emby.Server.Implementations.Fuzz/Emby.Server.Implementations.Fuzz.csproj b/fuzz/Emby.Server.Implementations.Fuzz/Emby.Server.Implementations.Fuzz.csproj
new file mode 100644
index 0000000000..791cb140db
--- /dev/null
+++ b/fuzz/Emby.Server.Implementations.Fuzz/Emby.Server.Implementations.Fuzz.csproj
@@ -0,0 +1,18 @@
+
+
+
+ Exe
+ net5.0
+
+
+
+
+ Emby.Server.Implementations.dll
+
+
+
+
+
+
+
+
diff --git a/fuzz/Emby.Server.Implementations.Fuzz/Program.cs b/fuzz/Emby.Server.Implementations.Fuzz/Program.cs
new file mode 100644
index 0000000000..a4a6f5f54d
--- /dev/null
+++ b/fuzz/Emby.Server.Implementations.Fuzz/Program.cs
@@ -0,0 +1,32 @@
+using System;
+using Emby.Server.Implementations.Library;
+using SharpFuzz;
+
+namespace Emby.Server.Implementations.Fuzz
+{
+ public static class Program
+ {
+ public static void Main(string[] args)
+ {
+ switch (args[0])
+ {
+ case "PathExtensions.TryReplaceSubPath": Run(PathExtensions_TryReplaceSubPath); return;
+ default: throw new ArgumentException($"Unknown fuzzing function: {args[0]}");
+ }
+ }
+
+ private static void Run(Action action) => Fuzzer.OutOfProcess.Run(action);
+
+ private static void PathExtensions_TryReplaceSubPath(string data)
+ {
+ // Stupid, but it worked
+ var parts = data.Split(':');
+ if (parts.Length != 3)
+ {
+ return;
+ }
+
+ _ = PathExtensions.TryReplaceSubPath(parts[0], parts[1], parts[2], out _);
+ }
+ }
+}
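Review bot: `PathExtensions_TryReplaceSubPath` returns early for every input that does not split into exactly three parts on `:`, so most mutated inputs never reach `TryReplaceSubPath` and none of the three arguments can ever contain a colon. Passing a count, `var parts = data.Split(':', 3);`, at least lets the last argument carry the delimiter. The comment `// Stupid, but it worked` would be better as `// Input format: three ':'-separated arguments; anything else is skipped`. Separately, `Main` indexes `args[0]` without checking `args.Length`, so running the harness with no argument fails with an index error rather than the `Unknown fuzzing function` message; the same applies to `Main` in fuzz/Jellyfin.Server.Fuzz/Program.cs.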
diff --git a/fuzz/Emby.Server.Implementations.Fuzz/Testcases/PathExtensions.TryReplaceSubPath/test1.txt b/fuzz/Emby.Server.Implementations.Fuzz/Testcases/PathExtensions.TryReplaceSubPath/test1.txt
new file mode 100644
index 0000000000..aacf973d67
--- /dev/null
+++ b/fuzz/Emby.Server.Implementations.Fuzz/Testcases/PathExtensions.TryReplaceSubPath/test1.txt
@@ -0,0 +1 @@
+/fuzz/Emby.Server.Implementations.Fuzz/Testcases/PathExtensions.TryReplaceSubPath/test1.txt/:/home/bond/dev/jellyfin/:/srv/jellyfin/
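Review bot: The only seed for this target embeds what looks like a developer's home directory (`/home/bond/dev/jellyfin/`), and its first field does not start with the second, so it probably exercises only the non-matching path of `TryReplaceSubPath` (the implementation is not shown here, so confirm). A neutral seed in which the first field begins with the second, for example `/media/library/movie.mkv:/media/library/:/srv/jellyfin/` (constructed sample), would cover the matching case. A second seed for the mismatch case would then give AFL a better starting corpus.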
diff --git a/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh b/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh
new file mode 100755
index 0000000000..244f734026
--- /dev/null
+++ b/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+dotnet build -c Release ../../Emby.Server.Implementations/Emby.Server.Implementations.csproj --output bin
+sharpfuzz bin/Emby.Server.Implementations.dll
+cp bin/Emby.Server.Implementations.dll .
+
+dotnet build
+mkdir -p Findings
+AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 -m 10240 dotnet bin/Debug/net5.0/Emby.Server.Implementations.Fuzz.dll "$1"
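Review bot: The script never checks `$1` or its working directory, although every path in it is relative (`../../Emby.Server.Implementations/...`, `bin/`, `Testcases/$1`). Run from another directory it builds and copies in the wrong place, and with no target name AFL is started against `Testcases/` and `Findings/` with an empty function name. Adding `cd "$(dirname "$0")"` and `: "${1:?usage: fuzz.sh <target>}"` right after `set -e` would make both failures explicit. The same applies to fuzz/Jellyfin.Server.Fuzz/fuzz.sh.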
diff --git a/fuzz/Jellyfin.Server.Fuzz/Jellyfin.Server.Fuzz.csproj b/fuzz/Jellyfin.Server.Fuzz/Jellyfin.Server.Fuzz.csproj
new file mode 100644
index 0000000000..6fcfbae0e6
--- /dev/null
+++ b/fuzz/Jellyfin.Server.Fuzz/Jellyfin.Server.Fuzz.csproj
@@ -0,0 +1,22 @@
+
+
+
+ Exe
+ net5.0
+
+
+
+
+ jellyfin.dll
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/fuzz/Jellyfin.Server.Fuzz/Program.cs b/fuzz/Jellyfin.Server.Fuzz/Program.cs
new file mode 100644
index 0000000000..e47286c131
--- /dev/null
+++ b/fuzz/Jellyfin.Server.Fuzz/Program.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using Jellyfin.Server.Middleware;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Primitives;
+using SharpFuzz;
+
+namespace Emby.Server.Implementations.Fuzz
+{
+ public static class Program
+ {
+ public static void Main(string[] args)
+ {
+ switch (args[0])
+ {
+ case "UrlDecodeQueryFeature": Run(UrlDecodeQueryFeature); return;
+ default: throw new ArgumentException($"Unknown fuzzing function: {args[0]}");
+ }
+ }
+
+ private static void Run(Action action) => Fuzzer.OutOfProcess.Run(action);
+
+ private static void UrlDecodeQueryFeature(string data)
+ {
+ var dict = new Dictionary
+ {
+ { data, StringValues.Empty }
+ };
+ _ = new UrlDecodeQueryFeature(new QueryFeature(new QueryCollection(dict)));
+ }
+ }
+}
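Review bot: The namespace is still `Emby.Server.Implementations.Fuzz`, apparently copied from the other harness, although this file lives in the Jellyfin.Server.Fuzz project; `namespace Jellyfin.Server.Fuzz` would match. The harness method is also named `UrlDecodeQueryFeature`, the same as the middleware type it constructs, which makes `new UrlDecodeQueryFeature(...)` hard to read; a distinct name such as `UrlDecodeQueryFeature_Ctor` (suggested name) would avoid the clash. The fuzz input is only ever used as a query key with `StringValues.Empty`, so a short comment saying that key decoding is the path under test would help the next reader.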
diff --git a/fuzz/Jellyfin.Server.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt b/fuzz/Jellyfin.Server.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt
new file mode 100644
index 0000000000..73f356b936
--- /dev/null
+++ b/fuzz/Jellyfin.Server.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt
@@ -0,0 +1 @@
+a%3D1%26b%3D2%26c%3D3
diff --git a/fuzz/Jellyfin.Server.Fuzz/fuzz.sh b/fuzz/Jellyfin.Server.Fuzz/fuzz.sh
new file mode 100755
index 0000000000..ad81e2c355
--- /dev/null
+++ b/fuzz/Jellyfin.Server.Fuzz/fuzz.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+dotnet build -c Release ../../Jellyfin.Server/Jellyfin.Server.csproj --output bin
+sharpfuzz bin/jellyfin.dll
+cp bin/jellyfin.dll .
+
+dotnet build
+mkdir -p Findings
+AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 -m 10240 dotnet bin/Debug/net5.0/Jellyfin.Server.Fuzz.dll "$1"