When won't double submit cookie help against CSRF?

If a POST form is supposed to send both a COOKIE header and an hidden input of the cookie value, in which cases could an attacker pass this defense?