--- frontend/saned.c
+++ frontend/saned.c
@@ -1992,6 +1992,32 @@ process_request (Wire * w)
 	    return 1;
 	  }
 
+        /* Debian BTS #853804 */
+        if (w->direction == WIRE_DECODE
+            && req.value_type == SANE_TYPE_STRING
+            && req.action     == SANE_ACTION_GET_VALUE)
+          {
+            if (req.value)
+              {
+                /* FIXME: If req.value contained embedded NUL
+                 *        characters, this is wrong.
+                 */
+                w->allocated_memory -= (1 + strlen (req.value));
+                free (req.value);
+              }
+            req.value = malloc (req.value_size);
+            if (!req.value)
+              {
+                w->status = ENOMEM;
+                DBG (DBG_ERR,
+                     "process_request: (control_option) "
+                     "h=%d (%s)\n", req.handle, strerror (w->status));
+                return 1;
+              }
+            memset (req.value, 0, req.value_size);
+            w->allocated_memory += req.value_size;
+          }
+
 	can_authorize = 1;
 
 	memset (&reply, 0, sizeof (reply));	/* avoid leaking bits */