The value of a block cookie should begin with a block ID. In BlockManager::getBlockFromCookieValue, if this ID points to an invalid (e.g. expired) block, the cookie is cleared; however, if it does not begin with a block ID (or contains an invalid hash), it is not currently cleared. It should be cleared in both cases.
If I attempt to modify a block cookie (e.g. changing the hash value, block id, invalid format) it gets cleared when I attempt to edit a page (either using VisualEditor or source editor) or create an account.
This is the case for both User (autoblock) and IP cookies.
Regression-wise, the correct block is still being set from the cookie (which is what the function we have modified, getBlockFromCookieValue, is supposed to do).