It's trivial to craft a HTTP response that will make the code for
skipping trailing whitespace access and possibly overwrite bytes outside
of the memory allocation. Why this can happen is blindingly obvious: it
accesses cstr[strlen(cstr)-1] without checking whether the string is
empty.
{
char *param, *next_param, *cstr, *back;
+ if (!set_cookie[0])
+ return 0;
+
if (!(cstr = av_strdup(set_cookie)))
return AVERROR(EINVAL);