hplip uses insecure memcpy

Hello,

While using hplip 3.6.11 on LEDE (https://lede-project.org/), sane-backends always crashed whenever I asked for any scanning. I debugged it to be this call:

io/hpmud/musb.c:773:

 770 len = size-1; /* leave byte for zero termination */
 771 if (len > 2)
 772 len -= 2;
 773 memcpy(buffer, buffer+2, len); /* remove length */
 774 buffer[len]=0;
 775 DBG("read actual device_id successfully fd=%d len=%d\n", fd, len);

memcpy should never be used with overlapping memory regions (http://stackoverflow.com/a/4415926). LEDE compiles all packages with some source fortify options that detected this behavior. The correct method would be memmove, that works fine with overlapping regions.

I do have a patch for it, but I guess it is too trivial to be used. It simply replace memcpy with memmove:
https://github.com/luizluca/openwrt-packages/blob/036c9f569bad7a9156e20a7238908227f902034c/utils/hplip/patches/030-replace_unsafe_memcpy_with_memmove.patch

I'm not sure if this could be a security vulnerability (probably not).