When i_size is sufficiently large, we would overflow malloc(), and then
overwrite the heap with stream_Read().

Bug reported by: Alin Rad Pop, Secunia Research.