Major Description
The current implementation of create_stream has several issues:
1) It lets to stream contents of an INVALID_FILE_SIZE file. In such case we would end derreferencing a NULL pointer
2) If the file has a valid file size but we're unable to read it, we would end derreferencing a freed pointer.
3) hresult "hr" variable is not properly set in INVALID_FILE_SIZE case.
The patch fixes this issues, spotted by CID 1363720 , and also cleans the logic: Return as soon as an error is detected and reducing the nested ifs making the code slightly more readable.