diff --git a/src/test/fuzz/CMakeLists.txt b/src/test/fuzz/CMakeLists.txt
index 038117a4d..4355503af 100644
--- a/src/test/fuzz/CMakeLists.txt
+++ b/src/test/fuzz/CMakeLists.txt
@@ -1,229 +1,232 @@
 # Fuzzer test harness
 add_custom_target(bitcoin-fuzzers)
 
 define_property(GLOBAL
 	PROPERTY FUZZ_TARGETS
 	BRIEF_DOCS "List of fuzz targets"
 	FULL_DOCS "A list of the fuzz targets"
 )
 set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS bitcoin-fuzzers)
 
 include(InstallationHelper)
 macro(add_fuzz_target TARGET EXE_NAME)
 	add_executable(${TARGET} EXCLUDE_FROM_ALL
 		fuzz.cpp
 		${ARGN}
 	)
 	set_target_properties(${TARGET} PROPERTIES OUTPUT_NAME ${EXE_NAME})
 
 	target_link_libraries(${TARGET} server testutil rpcclient)
 	if(TARGET bitcoinconsensus-shared)
 		target_link_libraries(${TARGET} bitcoinconsensus-shared)
 	else()
 		target_link_libraries(${TARGET} bitcoinconsensus)
 	endif()
 
 	add_dependencies(bitcoin-fuzzers ${TARGET})
 
 	set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS ${TARGET})
 
 	install_target(${TARGET}
 		COMPONENT fuzzer
 		EXCLUDE_FROM_ALL
 	)
 endmacro()
 
 function(add_regular_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			"${_fuzz_test_name}.cpp"
 		)
 	endforeach()
 endfunction()
 
 include(SanitizeHelper)
 function(add_deserialize_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			deserialize.cpp
 		)
 
 		sanitize_c_cxx_definition("" ${_fuzz_test_name} _target_definition)
 		string(TOUPPER ${_target_definition} _target_definition)
 		target_compile_definitions(${_fuzz_target_name} PRIVATE ${_target_definition})
 	endforeach()
 endfunction()
 
 function(add_process_message_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-process_message_" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			process_message_${_fuzz_test_name}
 
 			# Sources
 			process_message.cpp
 		)
 
 		target_compile_definitions(${_fuzz_target_name} PRIVATE MESSAGE_TYPE=${_fuzz_test_name})
 	endforeach()
 endfunction()
 
 add_regular_fuzz_targets(
 	addition_overflow
 	addrdb
 	asmap
 	asmap_direct
+	autofile
 	banman
 	base_encode_decode
 	block
 	block_header
 	blockfilter
 	bloom_filter
+	buffered_file
 	cashaddr
 	chain
 	checkqueue
 	coins_view
 	crypto
 	crypto_aes256
 	crypto_aes256cbc
 	crypto_chacha20
 	crypto_chacha20_poly1305_aead
 	crypto_common
 	crypto_hkdf_hmac_sha256_l32
 	crypto_poly1305
 	cuckoocache
 	descriptor_parse
 	eval_script
 	fee_rate
 	fees
 	flatfile
 	float
 	golomb_rice
 	hex
 	http_request
 	integer
 	key
 	key_io
 	kitchen_sink
+	load_external_block_file
 	locale
 	merkleblock
 	message
 	multiplication_overflow
 	net_permissions
 	netaddress
 	p2p_transport_deserializer
 	parse_hd_keypath
 	parse_iso8601
 	parse_numbers
 	parse_script
 	parse_univalue
 	prevector
 	pow
 	primitives_transaction
 	process_message
 	process_messages
 	protocol
 	psbt
 	random
 	rolling_bloom_filter
 	script
 	script_bitcoin_consensus
 	script_descriptor_cache
 	script_flags
 	script_interpreter
 	script_ops
 	script_sigcache
 	script_sign
 	scriptnum_ops
 	signature_checker
 	span
 	spanparsing
 	string
 	strprintf
 	system
 	timedata
 	transaction
 	tx_in
 	tx_out
 )
 
 add_deserialize_fuzz_targets(
 	addr_info_deserialize
 	address_deserialize
 	addrman_deserialize
 	banentry_deserialize
 	block_deserialize
 	block_file_info_deserialize
 	block_filter_deserialize
 	block_header_and_short_txids_deserialize
 	blockheader_deserialize
 	blocklocator_deserialize
 	blockmerkleroot
 	blocktransactions_deserialize
 	blocktransactionsrequest_deserialize
 	blockundo_deserialize
 	bloomfilter_deserialize
 	coins_deserialize
 	diskblockindex_deserialize
 	fee_rate_deserialize
 	flat_file_pos_deserialize
 	inv_deserialize
 	key_origin_info_deserialize
 	merkle_block_deserialize
 	messageheader_deserialize
 	netaddr_deserialize
 	out_point_deserialize
 	partial_merkle_tree_deserialize
 	partially_signed_transaction_deserialize
 	prefilled_transaction_deserialize
 	psbt_input_deserialize
 	psbt_output_deserialize
 	pub_key_deserialize
 	script_deserialize
 	service_deserialize
 	snapshotmetadata_deserialize
 	sub_net_deserialize
 	tx_in_deserialize
 	txoutcompressor_deserialize
 	txundo_deserialize
 	uint160_deserialize
 	uint256_deserialize
 )
 
 add_process_message_fuzz_targets(
 	addr
 	block
 	blocktxn
 	cmpctblock
 	feefilter
 	filteradd
 	filterclear
 	filterload
 	getaddr
 	getblocks
 	getblocktxn
 	getdata
 	getheaders
 	headers
 	inv
 	mempool
 	notfound
 	ping
 	pong
 	sendcmpct
 	sendheaders
 	tx
 	verack
 	version
 )
diff --git a/src/test/fuzz/autofile.cpp b/src/test/fuzz/autofile.cpp
new file mode 100644
index 000000000..f35a527e3
--- /dev/null
+++ b/src/test/fuzz/autofile.cpp
@@ -0,0 +1,79 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <streams.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <array>
+#include <cstdint>
+#include <iostream>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    FuzzedAutoFileProvider fuzzed_auto_file_provider =
+        ConsumeAutoFile(fuzzed_data_provider);
+    CAutoFile auto_file = fuzzed_auto_file_provider.open();
+    while (fuzzed_data_provider.ConsumeBool()) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {
+            case 0: {
+                std::array<uint8_t, 4096> arr{};
+                try {
+                    auto_file.read(
+                        (char *)arr.data(),
+                        fuzzed_data_provider.ConsumeIntegralInRange<size_t>(
+                            0, 4096));
+                } catch (const std::ios_base::failure &) {
+                }
+                break;
+            }
+            case 1: {
+                const std::array<uint8_t, 4096> arr{};
+                try {
+                    auto_file.write(
+                        (const char *)arr.data(),
+                        fuzzed_data_provider.ConsumeIntegralInRange<size_t>(
+                            0, 4096));
+                } catch (const std::ios_base::failure &) {
+                }
+                break;
+            }
+            case 2: {
+                try {
+                    auto_file.ignore(
+                        fuzzed_data_provider.ConsumeIntegralInRange<size_t>(
+                            0, 4096));
+                } catch (const std::ios_base::failure &) {
+                }
+                break;
+            }
+            case 3: {
+                auto_file.fclose();
+                break;
+            }
+            case 4: {
+                ReadFromStream(fuzzed_data_provider, auto_file);
+                break;
+            }
+            case 5: {
+                WriteToStream(fuzzed_data_provider, auto_file);
+                break;
+            }
+        }
+    }
+    (void)auto_file.Get();
+    (void)auto_file.GetType();
+    (void)auto_file.GetVersion();
+    (void)auto_file.IsNull();
+    if (fuzzed_data_provider.ConsumeBool()) {
+        FILE *f = auto_file.release();
+        if (f != nullptr) {
+            fclose(f);
+        }
+    }
+}
diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp
new file mode 100644
index 000000000..826bec75a
--- /dev/null
+++ b/src/test/fuzz/buffered_file.cpp
@@ -0,0 +1,93 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <streams.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <array>
+#include <cstdint>
+#include <iostream>
+#include <optional>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
+    std::optional<CBufferedFile> opt_buffered_file;
+    FILE *fuzzed_file = fuzzed_file_provider.open();
+    try {
+        opt_buffered_file.emplace(
+            fuzzed_file,
+            fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096),
+            fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096),
+            fuzzed_data_provider.ConsumeIntegral<int>(),
+            fuzzed_data_provider.ConsumeIntegral<int>());
+    } catch (const std::ios_base::failure &) {
+        if (fuzzed_file != nullptr) {
+            fclose(fuzzed_file);
+        }
+    }
+    if (opt_buffered_file && fuzzed_file != nullptr) {
+        bool setpos_fail = false;
+        while (fuzzed_data_provider.ConsumeBool()) {
+            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {
+                case 0: {
+                    std::array<uint8_t, 4096> arr{};
+                    try {
+                        opt_buffered_file->read(
+                            (char *)arr.data(),
+                            fuzzed_data_provider.ConsumeIntegralInRange<size_t>(
+                                0, 4096));
+                    } catch (const std::ios_base::failure &) {
+                    }
+                    break;
+                }
+                case 1: {
+                    opt_buffered_file->Seek(
+                        fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(
+                            0, 4096));
+                    break;
+                }
+                case 2: {
+                    opt_buffered_file->SetLimit(
+                        fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(
+                            0, 4096));
+                    break;
+                }
+                case 3: {
+                    if (!opt_buffered_file->SetPos(
+                            fuzzed_data_provider
+                                .ConsumeIntegralInRange<uint64_t>(0, 4096))) {
+                        setpos_fail = true;
+                    }
+                    break;
+                }
+                case 4: {
+                    if (setpos_fail) {
+                        // Calling FindByte(...) after a failed SetPos(...) call
+                        // may result in an infinite loop.
+                        break;
+                    }
+                    try {
+                        opt_buffered_file->FindByte(
+                            fuzzed_data_provider.ConsumeIntegral<char>());
+                    } catch (const std::ios_base::failure &) {
+                    }
+                    break;
+                }
+                case 5: {
+                    ReadFromStream(fuzzed_data_provider, *opt_buffered_file);
+                    break;
+                }
+            }
+        }
+        opt_buffered_file->GetPos();
+        opt_buffered_file->GetType();
+        opt_buffered_file->GetVersion();
+    }
+}
diff --git a/src/test/fuzz/load_external_block_file.cpp b/src/test/fuzz/load_external_block_file.cpp
new file mode 100644
index 000000000..63b6e1413
--- /dev/null
+++ b/src/test/fuzz/load_external_block_file.cpp
@@ -0,0 +1,32 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <config.h>
+#include <flatfile.h>
+#include <validation.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <test/util/setup_common.h>
+
+#include <cstdint>
+#include <vector>
+
+void initialize() {
+    InitializeFuzzingContext();
+}
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
+    FILE *fuzzed_block_file = fuzzed_file_provider.open();
+    if (fuzzed_block_file == nullptr) {
+        return;
+    }
+    FlatFilePos flat_file_pos;
+    LoadExternalBlockFile(GetConfig(), fuzzed_block_file,
+                          fuzzed_data_provider.ConsumeBool() ? &flat_file_pos
+                                                             : nullptr);
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index d8dd7a7a7..d5c6e758f 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -1,262 +1,490 @@
 // Copyright (c) 2009-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
 #include <amount.h>
 #include <arith_uint256.h>
 #include <attributes.h>
 #include <chainparamsbase.h>
 #include <coins.h>
 #include <netbase.h>
 #include <script/script.h>
 #include <script/standard.h>
 #include <serialize.h>
 #include <streams.h>
 #include <uint256.h>
 #include <version.h>
 
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/util/setup_common.h>
 
 #include <algorithm>
 #include <cstdint>
+#include <cstdio>
 #include <string>
 #include <vector>
 
 namespace fuzzer {
 // FIXME find a better way to avoid duplicating the MAX_MONEY definition
 constexpr int64_t MAX_MONEY_AS_INT = int64_t(21000000) * int64_t(100000000);
 } // end namespace fuzzer
 
 using namespace fuzzer;
 
 NODISCARD inline std::vector<uint8_t>
 ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider,
                               const size_t max_length = 4096) noexcept {
     const std::string s =
         fuzzed_data_provider.ConsumeRandomLengthString(max_length);
     return {s.begin(), s.end()};
 }
 
 NODISCARD inline CDataStream
 ConsumeDataStream(FuzzedDataProvider &fuzzed_data_provider,
                   const size_t max_length = 4096) noexcept {
     return {ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length),
             SER_NETWORK, INIT_PROTO_VERSION};
 }
 
 NODISCARD inline std::vector<std::string>
 ConsumeRandomLengthStringVector(FuzzedDataProvider &fuzzed_data_provider,
                                 const size_t max_vector_size = 16,
                                 const size_t max_string_length = 16) noexcept {
     const size_t n_elements =
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<std::string> r;
     for (size_t i = 0; i < n_elements; ++i) {
         r.push_back(
             fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
     }
     return r;
 }
 
 template <typename T>
 NODISCARD inline std::vector<T>
 ConsumeRandomLengthIntegralVector(FuzzedDataProvider &fuzzed_data_provider,
                                   const size_t max_vector_size = 16) noexcept {
     const size_t n_elements =
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<T> r;
     for (size_t i = 0; i < n_elements; ++i) {
         r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
     }
     return r;
 }
 
 template <typename T>
 NODISCARD inline std::optional<T>
 ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider,
                       const size_t max_length = 4096) noexcept {
     const std::vector<uint8_t> buffer =
         ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
     CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
     T obj;
     try {
         ds >> obj;
     } catch (const std::ios_base::failure &) {
         return std::nullopt;
     }
     return obj;
 }
 
 NODISCARD inline opcodetype
 ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return static_cast<opcodetype>(
         fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
 }
 
 NODISCARD inline Amount
 ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(
                0, MAX_MONEY_AS_INT) *
            SATOSHI;
 }
 
 NODISCARD inline CScript
 ConsumeScript(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> b =
         ConsumeRandomLengthByteVector(fuzzed_data_provider);
     return {b.begin(), b.end()};
 }
 
 NODISCARD inline CScriptNum
 ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
 }
 
 NODISCARD inline uint160
 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> v160 =
         fuzzed_data_provider.ConsumeBytes<uint8_t>(160 / 8);
     if (v160.size() != 160 / 8) {
         return {};
     }
     return uint160{v160};
 }
 
 NODISCARD inline uint256
 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> v256 =
         fuzzed_data_provider.ConsumeBytes<uint8_t>(256 / 8);
     if (v256.size() != 256 / 8) {
         return {};
     }
     return uint256{v256};
 }
 
 NODISCARD inline arith_uint256
 ConsumeArithUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
 }
 
 NODISCARD inline CTxDestination
 ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     CTxDestination tx_destination;
     switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 3)) {
         case 0: {
             tx_destination = CNoDestination{};
             break;
         }
         case 1: {
             tx_destination = PKHash{ConsumeUInt160(fuzzed_data_provider)};
             break;
         }
         case 2: {
             tx_destination = ScriptHash{ConsumeUInt160(fuzzed_data_provider)};
             break;
         }
     }
     return tx_destination;
 }
 
 template <typename T>
 NODISCARD bool MultiplicationOverflow(const T i, const T j) noexcept {
     static_assert(std::is_integral<T>::value, "Integral required.");
     if (std::numeric_limits<T>::is_signed) {
         if (i > 0) {
             if (j > 0) {
                 return i > (std::numeric_limits<T>::max() / j);
             } else {
                 return j < (std::numeric_limits<T>::min() / i);
             }
         } else {
             if (j > 0) {
                 return i < (std::numeric_limits<T>::min() / j);
             } else {
                 return i != 0 && (j < (std::numeric_limits<T>::max() / i));
             }
         }
     } else {
         return j != 0 && i > std::numeric_limits<T>::max() / j;
     }
 }
 
 template <class T>
 NODISCARD bool AdditionOverflow(const T i, const T j) noexcept {
     static_assert(std::is_integral<T>::value, "Integral required.");
     if (std::numeric_limits<T>::is_signed) {
         return (i > 0 && j > std::numeric_limits<T>::max() - i) ||
                (i < 0 && j < std::numeric_limits<T>::min() - i);
     }
     return std::numeric_limits<T>::max() - i < j;
 }
 
 NODISCARD inline bool
 ContainsSpentInput(const CTransaction &tx,
                    const CCoinsViewCache &inputs) noexcept {
     for (const CTxIn &tx_in : tx.vin) {
         const Coin &coin = inputs.AccessCoin(tx_in.prevout);
         if (coin.IsSpent()) {
             return true;
         }
     }
     return false;
 }
 
 /**
  * Returns a byte vector of specified size regardless of the number of remaining
  * bytes available from the fuzzer. Pads with zero value bytes if needed to
  * achieve the specified size.
  */
 NODISCARD inline std::vector<uint8_t>
 ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider,
                              const size_t length) noexcept {
     std::vector<uint8_t> result(length);
     const std::vector<uint8_t> random_bytes =
         fuzzed_data_provider.ConsumeBytes<uint8_t>(length);
     if (!random_bytes.empty()) {
         std::memcpy(result.data(), random_bytes.data(), random_bytes.size());
     }
     return result;
 }
 
 CNetAddr ConsumeNetAddr(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const Network network = fuzzed_data_provider.PickValueInArray(
         {Network::NET_IPV4, Network::NET_IPV6, Network::NET_INTERNAL,
          Network::NET_ONION});
     CNetAddr net_addr;
     if (network == Network::NET_IPV4) {
         const in_addr v4_addr = {
             .s_addr = fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
         net_addr = CNetAddr{v4_addr};
     } else if (network == Network::NET_IPV6) {
         if (fuzzed_data_provider.remaining_bytes() >= 16) {
             in6_addr v6_addr = {};
             memcpy(v6_addr.s6_addr,
                    fuzzed_data_provider.ConsumeBytes<uint8_t>(16).data(), 16);
             net_addr = CNetAddr{
                 v6_addr, fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
         }
     } else if (network == Network::NET_INTERNAL) {
         net_addr.SetInternal(fuzzed_data_provider.ConsumeBytesAsString(32));
     } else if (network == Network::NET_ONION) {
         net_addr.SetSpecial(fuzzed_data_provider.ConsumeBytesAsString(32));
     }
     return net_addr;
 }
 
 CSubNet ConsumeSubNet(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return {ConsumeNetAddr(fuzzed_data_provider),
             fuzzed_data_provider.ConsumeIntegral<int32_t>()};
 }
 
 void InitializeFuzzingContext(
     const std::string &chain_name = CBaseChainParams::REGTEST) {
     static const BasicTestingSetup basic_testing_setup{chain_name,
                                                        {"-nodebuglogfile"}};
 }
 
+class FuzzedFileProvider {
+    FuzzedDataProvider &m_fuzzed_data_provider;
+    int64_t m_offset = 0;
+
+public:
+    FuzzedFileProvider(FuzzedDataProvider &fuzzed_data_provider)
+        : m_fuzzed_data_provider{fuzzed_data_provider} {}
+
+    FILE *open() {
+        if (m_fuzzed_data_provider.ConsumeBool()) {
+            return nullptr;
+        }
+        std::string mode;
+        switch (m_fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {
+            case 0: {
+                mode = "r";
+                break;
+            }
+            case 1: {
+                mode = "r+";
+                break;
+            }
+            case 2: {
+                mode = "w";
+                break;
+            }
+            case 3: {
+                mode = "w+";
+                break;
+            }
+            case 4: {
+                mode = "a";
+                break;
+            }
+            case 5: {
+                mode = "a+";
+                break;
+            }
+        }
+#ifdef _GNU_SOURCE
+        const cookie_io_functions_t io_hooks = {
+            FuzzedFileProvider::read,
+            FuzzedFileProvider::write,
+            FuzzedFileProvider::seek,
+            FuzzedFileProvider::close,
+        };
+        return fopencookie(this, mode.c_str(), io_hooks);
+#else
+        (void)mode;
+        return nullptr;
+#endif
+    }
+
+    static ssize_t read(void *cookie, char *buf, size_t size) {
+        FuzzedFileProvider *fuzzed_file = (FuzzedFileProvider *)cookie;
+        if (buf == nullptr || size == 0 ||
+            fuzzed_file->m_fuzzed_data_provider.ConsumeBool()) {
+            return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
+        }
+        const std::vector<uint8_t> random_bytes =
+            fuzzed_file->m_fuzzed_data_provider.ConsumeBytes<uint8_t>(size);
+        if (random_bytes.empty()) {
+            return 0;
+        }
+        std::memcpy(buf, random_bytes.data(), random_bytes.size());
+        if (AdditionOverflow((uint64_t)fuzzed_file->m_offset,
+                             random_bytes.size())) {
+            return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
+        }
+        fuzzed_file->m_offset += random_bytes.size();
+        return random_bytes.size();
+    }
+
+    static ssize_t write(void *cookie, const char *buf, size_t size) {
+        FuzzedFileProvider *fuzzed_file = (FuzzedFileProvider *)cookie;
+        const ssize_t n =
+            fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(
+                0, size);
+        if (AdditionOverflow(fuzzed_file->m_offset, n)) {
+            return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
+        }
+        fuzzed_file->m_offset += n;
+        return n;
+    }
+
+    static int seek(void *cookie, int64_t *offset, int whence) {
+        // SEEK_END not implemented yet.
+        assert(whence == SEEK_SET || whence == SEEK_CUR);
+        FuzzedFileProvider *fuzzed_file = (FuzzedFileProvider *)cookie;
+        int64_t new_offset = 0;
+        if (whence == SEEK_SET) {
+            new_offset = *offset;
+        } else if (whence == SEEK_CUR) {
+            if (AdditionOverflow(fuzzed_file->m_offset, *offset)) {
+                return -1;
+            }
+            new_offset = fuzzed_file->m_offset + *offset;
+        }
+        if (new_offset < 0) {
+            return -1;
+        }
+        fuzzed_file->m_offset = new_offset;
+        *offset = new_offset;
+        return fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int>(
+            -1, 0);
+    }
+
+    static int close(void *cookie) {
+        FuzzedFileProvider *fuzzed_file = (FuzzedFileProvider *)cookie;
+        return fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int>(
+            -1, 0);
+    }
+};
+
+NODISCARD inline FuzzedFileProvider
+ConsumeFile(FuzzedDataProvider &fuzzed_data_provider) noexcept {
+    return {fuzzed_data_provider};
+}
+
+class FuzzedAutoFileProvider {
+    FuzzedDataProvider &m_fuzzed_data_provider;
+    FuzzedFileProvider m_fuzzed_file_provider;
+
+public:
+    FuzzedAutoFileProvider(FuzzedDataProvider &fuzzed_data_provider)
+        : m_fuzzed_data_provider{fuzzed_data_provider},
+          m_fuzzed_file_provider{fuzzed_data_provider} {}
+
+    CAutoFile open() {
+        return {m_fuzzed_file_provider.open(),
+                m_fuzzed_data_provider.ConsumeIntegral<int>(),
+                m_fuzzed_data_provider.ConsumeIntegral<int>()};
+    }
+};
+
+NODISCARD inline FuzzedAutoFileProvider
+ConsumeAutoFile(FuzzedDataProvider &fuzzed_data_provider) noexcept {
+    return {fuzzed_data_provider};
+}
+
+#define WRITE_TO_STREAM_CASE(id, type, consume)                                \
+    case id: {                                                                 \
+        type o = consume;                                                      \
+        stream << o;                                                           \
+        break;                                                                 \
+    }
+template <typename Stream>
+void WriteToStream(FuzzedDataProvider &fuzzed_data_provider,
+                   Stream &stream) noexcept {
+    while (fuzzed_data_provider.ConsumeBool()) {
+        try {
+            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 13)) {
+                WRITE_TO_STREAM_CASE(0, bool,
+                                     fuzzed_data_provider.ConsumeBool())
+                WRITE_TO_STREAM_CASE(
+                    1, char, fuzzed_data_provider.ConsumeIntegral<char>())
+                WRITE_TO_STREAM_CASE(
+                    2, int8_t, fuzzed_data_provider.ConsumeIntegral<int8_t>())
+                WRITE_TO_STREAM_CASE(
+                    3, uint8_t, fuzzed_data_provider.ConsumeIntegral<uint8_t>())
+                WRITE_TO_STREAM_CASE(
+                    4, int16_t, fuzzed_data_provider.ConsumeIntegral<int16_t>())
+                WRITE_TO_STREAM_CASE(
+                    5, uint16_t,
+                    fuzzed_data_provider.ConsumeIntegral<uint16_t>())
+                WRITE_TO_STREAM_CASE(
+                    6, int32_t, fuzzed_data_provider.ConsumeIntegral<int32_t>())
+                WRITE_TO_STREAM_CASE(
+                    7, uint32_t,
+                    fuzzed_data_provider.ConsumeIntegral<uint32_t>())
+                WRITE_TO_STREAM_CASE(
+                    8, int64_t, fuzzed_data_provider.ConsumeIntegral<int64_t>())
+                WRITE_TO_STREAM_CASE(
+                    9, uint64_t,
+                    fuzzed_data_provider.ConsumeIntegral<uint64_t>())
+                WRITE_TO_STREAM_CASE(
+                    10, float,
+                    fuzzed_data_provider.ConsumeFloatingPoint<float>())
+                WRITE_TO_STREAM_CASE(
+                    11, double,
+                    fuzzed_data_provider.ConsumeFloatingPoint<double>())
+                WRITE_TO_STREAM_CASE(
+                    12, std::string,
+                    fuzzed_data_provider.ConsumeRandomLengthString(32))
+                WRITE_TO_STREAM_CASE(13, std::vector<char>,
+                                     ConsumeRandomLengthIntegralVector<char>(
+                                         fuzzed_data_provider))
+            }
+        } catch (const std::ios_base::failure &) {
+            break;
+        }
+    }
+}
+
+#define READ_FROM_STREAM_CASE(id, type)                                        \
+    case id: {                                                                 \
+        type o;                                                                \
+        stream >> o;                                                           \
+        break;                                                                 \
+    }
+template <typename Stream>
+void ReadFromStream(FuzzedDataProvider &fuzzed_data_provider,
+                    Stream &stream) noexcept {
+    while (fuzzed_data_provider.ConsumeBool()) {
+        try {
+            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 13)) {
+                READ_FROM_STREAM_CASE(0, bool)
+                READ_FROM_STREAM_CASE(1, char)
+                READ_FROM_STREAM_CASE(2, int8_t)
+                READ_FROM_STREAM_CASE(3, uint8_t)
+                READ_FROM_STREAM_CASE(4, int16_t)
+                READ_FROM_STREAM_CASE(5, uint16_t)
+                READ_FROM_STREAM_CASE(6, int32_t)
+                READ_FROM_STREAM_CASE(7, uint32_t)
+                READ_FROM_STREAM_CASE(8, int64_t)
+                READ_FROM_STREAM_CASE(9, uint64_t)
+                READ_FROM_STREAM_CASE(10, float)
+                READ_FROM_STREAM_CASE(11, double)
+                READ_FROM_STREAM_CASE(12, std::string)
+                READ_FROM_STREAM_CASE(13, std::vector<char>)
+            }
+        } catch (const std::ios_base::failure &) {
+            break;
+        }
+    }
+}
+
 #endif // BITCOIN_TEST_FUZZ_UTIL_H