diff --git a/Tests/LibWeb/Layout/expected/table/col-span-crash.txt b/Tests/LibWeb/Layout/expected/table/col-span-crash.txt
new file mode 100644
index 00000000000..0173b7234d0
--- /dev/null
+++ b/Tests/LibWeb/Layout/expected/table/col-span-crash.txt
@@ -0,0 +1,19 @@
+Viewport <#document> at (0,0) content-size 800x600 children: not-inline
+  BlockContainer <html> at (0,0) content-size 800x600 [BFC] children: not-inline
+    BlockContainer <body> at (8,8) content-size 784x19 children: not-inline
+      TableWrapper <(anonymous)> at (8,8) content-size 4x2 [BFC] children: not-inline
+        Box <table> at (8,8) content-size 4x2 table-box [TFC] children: not-inline
+          BlockContainer <colgroup> (not painted) table-column-group children: not-inline
+            BlockContainer <col> (not painted) children: not-inline
+      BlockContainer <(anonymous)> at (8,10) content-size 784x17 children: inline
+        frag 0 from TextNode start: 1, length: 19, rect: [8,10 162.109375x17] baseline: 13.296875
+            "PASS (didn't crash)"
+        TextNode <#text>
+
+ViewportPaintable (Viewport<#document>) [0,0 800x600]
+  PaintableWithLines (BlockContainer<HTML>) [0,0 800x600]
+    PaintableWithLines (BlockContainer<BODY>) [8,8 784x19]
+      PaintableWithLines (TableWrapper(anonymous)) [8,8 4x2]
+        PaintableBox (Box<TABLE>) [8,8 4x2]
+      PaintableWithLines (BlockContainer(anonymous)) [8,10 784x17]
+        TextPaintable (TextNode<#text>)
diff --git a/Tests/LibWeb/Layout/input/table/col-span-crash.html b/Tests/LibWeb/Layout/input/table/col-span-crash.html
new file mode 100644
index 00000000000..38c6c023185
--- /dev/null
+++ b/Tests/LibWeb/Layout/input/table/col-span-crash.html
@@ -0,0 +1,2 @@
+<table><col span="9"></col></table>
+PASS (didn't crash)
diff --git a/Userland/Libraries/LibWeb/Layout/TableFormattingContext.cpp b/Userland/Libraries/LibWeb/Layout/TableFormattingContext.cpp
index 2d34d1111b5..6a94acc195a 100644
--- a/Userland/Libraries/LibWeb/Layout/TableFormattingContext.cpp
+++ b/Userland/Libraries/LibWeb/Layout/TableFormattingContext.cpp
@@ -1386,6 +1386,7 @@ void TableFormattingContext::BorderConflictFinder::collect_conflicting_col_eleme
             VERIFY(child_of_column_group->display().is_table_column());
             auto const& col_node = static_cast<HTML::HTMLTableColElement const&>(*child_of_column_group->dom_node());
             unsigned span = col_node.get_attribute_value(HTML::AttributeNames::span).to_number<unsigned>().value_or(1);
+            m_col_elements_by_index.resize(column_index + span);
             for (size_t i = column_index; i < column_index + span; ++i) {
                 m_col_elements_by_index[i] = child_of_column_group;
             }