If NO_IDENT_CHECKING is defined during compilation format string bug is possible in username.
vulners.com/securityvulns/securityvulns:doc:5706