From 0fac0d5c239da0940792c67ee1011fdf2a924d0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20Lo=CC=81pez=20Man=CC=83as?=
Date: Wed, 15 Apr 2026 12:24:25 +0200
Subject: [PATCH 1/2] fix: restrict KML image downloads to http/https schemes and remove local fallback
---
 .../com/google/maps/android/data/kml/KmlRenderer.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/src/main/java/com/google/maps/android/data/kml/KmlRenderer.java b/library/src/main/java/com/google/maps/android/data/kml/KmlRenderer.java
index 93c38b0a3..28e545b8e 100644
--- a/library/src/main/java/com/google/maps/android/data/kml/KmlRenderer.java
+++ b/library/src/main/java/com/google/maps/android/data/kml/KmlRenderer.java
@@ -538,8 +538,6 @@ public MarkerIconImageDownload(String iconUrl) {
 protected Bitmap doInBackground(String... params) {
 try {
 return getBitmapFromUrl(mIconUrl);
- } catch (MalformedURLException e) {
- return BitmapFactory.decodeFile(mIconUrl);
 } catch (IOException e) {
 e.printStackTrace();
 }
@@ -588,8 +586,6 @@ public GroundOverlayImageDownload(String groundOverlayUrl) {
 protected Bitmap doInBackground(String... params) {
 try {
 return getBitmapFromUrl(mGroundOverlayUrl);
- } catch (MalformedURLException e) {
- return BitmapFactory.decodeFile(mGroundOverlayUrl);
 } catch (IOException e) {
 Log.e(LOG_TAG, "Image [" + mGroundOverlayUrl + "] download issue", e);
 }
@@ -621,7 +617,11 @@ protected void onPostExecute(Bitmap bitmap) {
 * @return the bitmap of that image, scaled according to screen density.
 */
 private Bitmap getBitmapFromUrl(String url) throws IOException {
- return BitmapFactory.decodeStream(openConnectionCheckRedirects(new URL(url).openConnection()));
+ URL parsedUrl = new URL(url);
+ if (!parsedUrl.getProtocol().equalsIgnoreCase("http") && !parsedUrl.getProtocol().equalsIgnoreCase("https")) {
+ throw new MalformedURLException("Unsupported scheme: " + parsedUrl.getProtocol());
+ }
+ return BitmapFactory.decodeStream(openConnectionCheckRedirects(parsedUrl.openConnection()));
 }

 /**
From 32ec119ee62c4f41e23b98a3899f0ddf2fcc00e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20Lo=CC=81pez=20Man=CC=83as?=
Date: Wed, 15 Apr 2026 13:02:46 +0200
Subject: [PATCH 2/2] test: verify URL scheme validation for KML images
---
 .../android/data/kml/KmlRendererTest.java | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/library/src/test/java/com/google/maps/android/data/kml/KmlRendererTest.java b/library/src/test/java/com/google/maps/android/data/kml/KmlRendererTest.java
index 68696aa64..1ace1c29c 100644
--- a/library/src/test/java/com/google/maps/android/data/kml/KmlRendererTest.java
+++ b/library/src/test/java/com/google/maps/android/data/kml/KmlRendererTest.java
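Review bot: The http/https test in `getBitmapFromUrl` (KmlRenderer.java) is applied only to the URL taken from the KML, not to any URL that `openConnectionCheckRedirects` may move to afterwards; that helper is defined outside this hunk, so if it follows `Location` headers itself, each hop should pass the same check before it is opened. Pulling the test into a small helper such as `private static boolean isHttpOrHttps(URL u)` would let both places share it and would avoid calling `getProtocol()` three times. The Javadoc above the method (it begins outside the hunk) should also gain `@throws MalformedURLException if the URL scheme is not http or https`, since icon and overlay hrefs that are plain file paths are now rejected rather than decoded from local storage.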
@@ -77,4 +77,42 @@ public void testAssignStyleMap() {
 assertNotNull(styleMap.get("BlueKey"));
 assertEquals(styles.get("BlueKey"), redStyle);
 }
+
+ @Test
+ public void testBitmapUrlSchemeValidation() throws Exception {
+ KmlRenderer renderer = new KmlRenderer(null, null, null, null, null, null, null);
+ java.lang.reflect.Method method = KmlRenderer.class.getDeclaredMethod("getBitmapFromUrl", String.class);
+ method.setAccessible(true);
+
+ // Should throw MalformedURLException for file:// scheme
+ try {
+ method.invoke(renderer, "file:///android_asset/image.png");
+ org.junit.Assert.fail("Should have thrown InvocationTargetException containing MalformedURLException");
+ } catch (java.lang.reflect.InvocationTargetException e) {
+ assertTrue(e.getCause() instanceof java.net.MalformedURLException);
+ assertEquals("Unsupported scheme: file", e.getCause().getMessage());
+ }
+
+ // Should throw MalformedURLException for ftp:// scheme
+ try {
+ method.invoke(renderer, "ftp://example.com/image.png");
+ org.junit.Assert.fail("Should have thrown InvocationTargetException containing MalformedURLException");
+ } catch (java.lang.reflect.InvocationTargetException e) {
+ assertTrue(e.getCause() instanceof java.net.MalformedURLException);
+ assertEquals("Unsupported scheme: ftp", e.getCause().getMessage());
+ }
+
+ // For http/https, it should not throw MalformedURLException with "Unsupported scheme"
+ try {
+ method.invoke(renderer, "http://example.com/image.png");
+ } catch (java.lang.reflect.InvocationTargetException e) {
+ org.junit.Assert.assertFalse(e.getCause().getMessage() != null && e.getCause().getMessage().startsWith("Unsupported scheme"));
+ }
+
+ try {
+ method.invoke(renderer, "https://example.com/image.png");
+ } catch (java.lang.reflect.InvocationTargetException e) {
+ org.junit.Assert.assertFalse(e.getCause().getMessage() != null && e.getCause().getMessage().startsWith("Unsupported scheme"));
+ }
+ }
 }
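Review bot: The two positive cases at the end of `testBitmapUrlSchemeValidation` invoke `getBitmapFromUrl` with `http://example.com/image.png` and `https://example.com/image.png`, which goes past the scheme check into `openConnection()`, so this unit test depends on network reachability and on how `BitmapFactory` behaves in the test runtime. Those two blocks also pass when no exception is thrown at all and when the cause is any error without the "Unsupported scheme" prefix, so they assert very little. Checking the scheme rule through a side-effect-free helper would remove both the reflection on a private method and the network call. Mixed-case input such as `FILE:///android_asset/image.png` and a bare path with no scheme are worth adding: the first pins the case-insensitive comparison, and the second is the input the removed `decodeFile` fallback used to serve.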