diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 27f15f13..92d5d734 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -1072,6 +1072,8 @@ void color_esycc_to_rgb(opj_image_t *image)
 int y, cb, cr, sign1, sign2, val;
 unsigned int w, h, max, i;
 int flip_value = (1 << (image->comps[0].prec - 1));
+ // runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
+ // runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
 int max_value = (1 << image->comps[0].prec) - 1;
 if (
diff --git a/src/lib/openjp2/ht_dec.c b/src/lib/openjp2/ht_dec.c
index 62a6c9e1..186ae24c 100644
--- a/src/lib/openjp2/ht_dec.c
+++ b/src/lib/openjp2/ht_dec.c
@@ -1192,6 +1192,7 @@ OPJ_BOOL opj_t1_ht_decode_cblk(opj_t1_t *t1,
 cblkdata = t1->cblkdatabuffer;
 cblk_len = 0;
 for (i = 0; i < cblk->numchunks; i++) {
+ assert(cblkdata!=NULL && "memcpy on NULL is undefined behaviour");
 memcpy(cblkdata + cblk_len, cblk->chunks[i].data, cblk->chunks[i].len);
 cblk_len += cblk->chunks[i].len;
 }
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 923bd891..c2adf1ee 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -7817,6 +7817,11 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k,
 image->comps[0].h * image->comps[0].prec) / ((double)parameters->tcp_rates[parameters->tcp_numlayers - 1] * 8 * image->comps[0].dx * image->comps[0].dy));
+ // this is problematic because INT_MAX is converted to float, but
+ // it can not represent that value (2147483647) exactly, instead it
+ // becomes 2147483648.0f which means the else clause may be hit with
+ // the value 2147483648.0f. that can not be represented as an int,
+ // so the assignment to int is undefined behaviour
 if (temp_size > INT_MAX) {
 parameters->max_cs_size = INT_MAX;
 } else {
diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index 438247b6..a807bc3f 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
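Review bot: The two added comments record the UBSan finding at `int flip_value` and `int max_value` but leave both shifts unguarded, so an image whose component 0 has a `prec` of 0 or above 30 still triggers undefined behaviour in the decoder tool. Since `prec` comes from the parsed input, validate it before shifting instead of documenting the failure, e.g. `if (image->comps[0].prec == 0 || image->comps[0].prec > 30) { return; }` at the top of color_esycc_to_rgb, reporting the unsupported image the same way the function's other early-exit paths do (those are outside the hunk). With `prec == 31` the `(1 << prec)` shift and the following `- 1` both overflow, which is presumably what the committed crash input color_1077_1123 exercises.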
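Review bot: The added `assert` only fires in debug builds; with `-DNDEBUG` (which two of the new build-afl.sh configurations use) it compiles away and the `memcpy` on a NULL `cblkdata` is reached exactly as before, so this documents the crash rather than fixing it. Since `opj_t1_ht_decode_cblk` returns OPJ_BOOL, a NULL buffer should be rejected before the loop as a decode failure, e.g. `if (cblkdata == NULL) { return OPJ_FALSE; }` placed right after `cblkdata = t1->cblkdatabuffer;`. If instead a code-block with no data is legitimately reached with `numchunks > 0` and zero-length chunks, the copy should be skipped with `if (cblk->chunks[i].len == 0) continue;`; which of the two applies depends on how cblkdatabuffer is allocated, which is outside the hunk. The assert is also loop-invariant, so if it is kept it belongs before the `for` rather than inside it.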
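Review bot: The added comment explains the conversion problem at `if (temp_size > INT_MAX)` but the condition itself is unchanged, so the out-of-range assignment to `parameters->max_cs_size` in the else branch still happens. If `temp_size` is a float, as the comment states (its declaration is outside the hunk), the clamp should read `if (temp_size >= INT_MAX) {` so that the rounded-up 2147483648.0f takes the INT_MAX branch; comparing against an explicit `(double)INT_MAX` is an equivalent alternative. A value below INT_MIN or a NaN (for instance from a zero or negative `tcp_rates` entry, or a zero-area image) would also reach the else branch with an undefined conversion and is covered by neither form; it is worth checking which guards the enclosing opj_j2k_setup_encoder, which continues outside the hunk, already places on those inputs.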
@@ -2324,6 +2324,7 @@ static OPJ_BOOL opj_tcd_dc_level_shift_decode(opj_tcd_t *p_tcd)
 l_max);
 ++l_current_ptr;
 }
+ assert(l_current_ptr!=NULL && "pointer arithmetic on null pointer is undefined behaviour");
 l_current_ptr += l_stride;
 }
 } else {
@@ -2342,6 +2343,7 @@ static OPJ_BOOL opj_tcd_dc_level_shift_decode(opj_tcd_t *p_tcd)
 }
 ++l_current_ptr;
 }
+ assert(l_current_ptr!=NULL && "pointer arithmetic on null pointer is undefined behaviour");
 l_current_ptr += l_stride;
 }
 }
diff --git a/tests/fuzzers/afl/.gitignore b/tests/fuzzers/afl/.gitignore
new file mode 100644
index 00000000..414487d5
--- /dev/null
+++ b/tests/fuzzers/afl/.gitignore
@@ -0,0 +1 @@
+build-*/
diff --git a/tests/fuzzers/afl/build-afl.sh b/tests/fuzzers/afl/build-afl.sh
new file mode 100755
index 00000000..b6f7c41a
--- /dev/null
+++ b/tests/fuzzers/afl/build-afl.sh
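Review bot: Both added asserts (this hunk and the one at @@ -2342) check `l_current_ptr` only after `++l_current_ptr` has already run in the inner loop, so when the pointer is NULL the undefined arithmetic has already happened unless that loop executed zero times, and with `-DNDEBUG` the asserts vanish entirely, leaving release builds unchanged for the committed crash inputs. The NULL case should be rejected once, before the row loop, where `l_current_ptr` is first taken from the tile component (outside the hunk); presumably the component's data buffer was never allocated, in which case that component can be skipped with something like `if (l_current_ptr == NULL) { continue; }` in the enclosing per-component loop, or the function can return OPJ_FALSE. One such guard covers both the `if` and the `else` branch shown in the two hunks, so it replaces both asserts.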
@@ -0,0 +1,56 @@
+#/bin/sh
+#
+# this creates builds which can be used to fuzz with afl
+#
+# by Paul Dreik 20220825
+
+set -eux
+
+here=$(dirname $0)
+gitroot=$(git -C $here rev-parse --show-toplevel)
+
+
+###################################
+# afl clang
+export AFL_USE_ASAN=1
+export AFL_USE_UBSAN=1
+
+target=$here/build-afl-clang
+
+cmake \
+-DCMAKE_C_COMPILER=afl-clang-fast \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# afl clang, with asserts disabled
+
+target=$here/build-afl-clang-ndebug
+
+cmake \
+-DCMAKE_C_COMPILER=afl-clang-fast \
+-DCMAKE_C_FLAGS="-g -DNDEBUG" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# sanitizer build with asserts disabled
+target=$here/build-clang-release-replay
+cmake \
+-DCMAKE_C_COMPILER=clang-14 \
+-DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -O3 -DNDEBUG" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# sanitizer build with asserts enabled
+target=$here/build-clang-debug-replay
+cmake \
+-DCMAKE_C_COMPILER=clang-14 \
+-DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -O3" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
diff --git a/tests/fuzzers/afl/crashes/color_1077_1123 b/tests/fuzzers/afl/crashes/color_1077_1123
new file mode 100644
index 00000000..3a9c1878
Binary files /dev/null and b/tests/fuzzers/afl/crashes/color_1077_1123 differ
diff --git a/tests/fuzzers/afl/crashes/ht_dec_1195 b/tests/fuzzers/afl/crashes/ht_dec_1195
new file mode 100644
index 00000000..e31fb9fa
Binary files /dev/null and b/tests/fuzzers/afl/crashes/ht_dec_1195 differ
diff --git a/tests/fuzzers/afl/crashes/tcd_2327 b/tests/fuzzers/afl/crashes/tcd_2327
new file mode 100644
index 00000000..348a8477
Binary files /dev/null and b/tests/fuzzers/afl/crashes/tcd_2327 differ
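Review bot: The first line `#/bin/sh` is missing the `!`, so it is an ordinary comment rather than a shebang; the file is committed executable (mode 100755) but running it directly relies on the caller's shell falling back to `/bin/sh`, and `set -eux` then applies to whichever shell that happens to be. Change it to `#!/bin/sh`. The expansions `$0`, `$here`, `$gitroot` and `$target` are unquoted throughout, so a checkout under a directory containing spaces breaks the `dirname`, `git -C` and every `cmake` invocation; quote them, e.g. `here=$(dirname "$0")` and `gitroot=$(git -C "$here" rev-parse --show-toplevel)`, and likewise `-S "$gitroot" -B "$target"` on each cmake line. Hard-coding `clang-14` for the two replay builds will also fail on hosts with a different clang version; an overridable `CC=${CC:-clang-14}` (constructed example) would keep the script usable elsewhere.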
diff --git a/tests/fuzzers/afl/crashes/tcd_2346 b/tests/fuzzers/afl/crashes/tcd_2346
new file mode 100644
index 00000000..b70043c6
Binary files /dev/null and b/tests/fuzzers/afl/crashes/tcd_2346 differ