scanning on PSC1610 segfaults

Bug #974623 reported by Jason Miller
This bug affects 1 person
Affects: HPLIP
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Valgrind output below.

Gentoo Linux on 64-bit x86; I tried with hplip 3.11.10 and 3.12.2-r2 with the same results. SANE version is 1.0.22.

Note that I don't believe the memcpy overlap is the issue, as I tried to LD_PRELOAD a safe version of memcpy and the crash still occurred.

==28463== Memcheck, a memory error detector
==28463== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==28463== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==28463== Command: scanimage --jpeg-quality 100
==28463==
==28463== Conditional jump or move depends on uninitialised value(s)
==28463== at 0x516E53E: __strspn_sse42 (in /lib64/libc-2.13.so)
==28463== by 0xE77510E: hp_read_config (in /usr/lib64/sane/libsane-hp.so.1.0.22)
==28463== by 0xE775974: sane_hp_get_devices (in /usr/lib64/sane/libsane-hp.so.1.0.22)
==28463== by 0x4E483B0: sane_dll_get_devices (in /usr/lib64/libsane.so.1.0.22)
==28463== by 0x404C8C: main (in /usr/bin/scanimage)
==28463==
==28463== Use of uninitialised value of size 8
==28463== at 0x4C2BEDD: __strcpy_chk (mc_replace_strmem.c:893)
==28463== by 0xE775122: hp_read_config (in /usr/lib64/sane/libsane-hp.so.1.0.22)
==28463== by 0xE775974: sane_hp_get_devices (in /usr/lib64/sane/libsane-hp.so.1.0.22)
==28463== by 0x4E483B0: sane_dll_get_devices (in /usr/lib64/libsane.so.1.0.22)
==28463== by 0x404C8C: main (in /usr/bin/scanimage)
==28463==
==28463== Source and destination overlap in memcpy(0x7257d48, 0x7257d4a, 204)
==28463== at 0x4C2A704: memcpy (mc_replace_strmem.c:635)
==28463== by 0x6FDA7BA: device_id.clone.11 (in /usr/lib64/libhpmud.so.0.0.6)
==28463== by 0x6FDB074: musb_open (in /usr/lib64/libhpmud.so.0.0.6)
==28463== by 0x6FD51E1: hpmud_open_device (in /usr/lib64/libhpmud.so.0.0.6)
==28463== by 0x6B896B4: sane_hpaio_open (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x4E487E6: sane_dll_open (in /usr/lib64/libsane.so.1.0.22)
==28463== by 0x404925: main (in /usr/bin/scanimage)
==28463==
==28463== Source and destination overlap in memcpy(0x7257d48, 0x7257d4a, 204)
==28463== at 0x4C2A704: memcpy (mc_replace_strmem.c:635)
==28463== by 0x6FDA7BA: device_id.clone.11 (in /usr/lib64/libhpmud.so.0.0.6)
==28463== by 0x6FDA8D0: musb_get_device_id (in /usr/lib64/libhpmud.so.0.0.6)
==28463== by 0x6B89736: sane_hpaio_open (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x4E487E6: sane_dll_open (in /usr/lib64/libsane.so.1.0.22)
==28463== by 0x404925: main (in /usr/bin/scanimage)
==28463==
==28463== Invalid read of size 8
==28463== at 0x72C5466: dbus_connection_send (in /usr/lib64/libdbus-1.so.3.5.8)
==28463== by 0x6B9053D: SendScanEvent (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x6B8CD5D: sane_hpaio_start (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x404FCC: main (in /usr/bin/scanimage)
==28463== Address 0x8 is not stack'd, malloc'd or (recently) free'd
==28463==
==28463==
==28463== Process terminating with default action of signal 11 (SIGSEGV)
==28463== Access not within mapped region at address 0x8
==28463== at 0x72C5466: dbus_connection_send (in /usr/lib64/libdbus-1.so.3.5.8)
==28463== by 0x6B9053D: SendScanEvent (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x6B8CD5D: sane_hpaio_start (in /usr/lib64/sane/libsane-hpaio.so.1.0.0)
==28463== by 0x404FCC: main (in /usr/bin/scanimage)
==28463== If you believe this happened as a result of a stack
==28463== overflow in your program's main thread (unlikely but
==28463== possible), you can try to increase the size of the
==28463== main thread stack using the --main-stacksize= flag.
==28463== The main thread stack size used in this run was 8388608.

Sarbeswar Meher (sarbeswar-meher) wrote :

Can you please install the latest hplip-3.12.2 from http://hplipopensource.com/hplip-web/install/manual/distros/gentoo.html? Please install and try scanning. You can use 'xsane' for scanning.
