The Heartbleed exploit relies on reading sequentially beyond the payload. For you to be correct, the entire 64k (the typical exploit size) would have had to have been previously part of a single malloc call (so that it is all of the same 'colour'). I haven't looked at the original offending code in detail, but it would seem odd for software that has been specifically designed to be performant to go around grabbing 64k chunks of memory for no particular good reason.

My guess would be that memory is grabbed for the payload on the very first heartbeat call and then re-used rather than freed and malloc'd every time.

Obviously I could be wrong, but so could you.

Anybody care to check? I'm not sure my C is good enough ...
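Independently of how the 64k came to be allocated, the read past the payload was possible because the responder trusted the 16-bit length field in the heartbeat request without comparing it to the size of the record actually received. The following is an added example, not OpenSSL's code and not from the commenter: a minimal heartbeat responder for the RFC 6520 record layout (type, 2-byte payload length, payload, at least 16 bytes of padding) that rejects any request whose claimed length does not fit inside the received record. The record bytes in the demo functions are constructed here for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified TLS heartbeat record layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16) */
#define HB_HEADER_LEN   3
#define HB_MIN_PADDING  16
#define HB_REQUEST      1
#define HB_RESPONSE     2

/* Build a heartbeat response from a received record.
 * Returns the number of bytes written to out, or -1 if the record is rejected.
 * The defensive check is the comparison of the claimed payload length against
 * rec_len, the number of bytes actually received: without it, memcpy would read
 * 'claimed' bytes starting inside a possibly much smaller buffer. */
int build_heartbeat_response(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL)
        return -1;
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                                  /* too short to be a valid request */
    if (rec[0] != HB_REQUEST)
        return -1;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Reject the request if the claimed payload plus the mandatory padding
       does not fit inside the bytes we actually received. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;

    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return -1;                                  /* caller's buffer is too small */

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xffu);
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed); /* bounded by the check above */
    /* Padding is zeroed here; a real TLS stack fills it with random bytes. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return (int)resp_len;
}

/* Constructed well-formed request: claims 4 payload bytes and carries 4 + 16 padding. */
int demo_honest_request(void)
{
    uint8_t rec[HB_HEADER_LEN + 4 + HB_MIN_PADDING] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[128];
    return build_heartbeat_response(rec, sizeof rec, out, sizeof out); /* 23 */
}

/* Constructed malformed request: claims 0xFFFF payload bytes but only 23 bytes arrived. */
int demo_oversized_claim(void)
{
    uint8_t rec[HB_HEADER_LEN + 4 + HB_MIN_PADDING] = { HB_REQUEST, 0xff, 0xff, 'p', 'i', 'n', 'g' };
    uint8_t out[128];
    return build_heartbeat_response(rec, sizeof rec, out, sizeof out); /* -1 */
}

int main(void)
{
    printf("honest request -> %d bytes\n", demo_honest_request());
    printf("oversized claim -> %d (rejected)\n", demo_oversized_claim());
    return 0;
}
```

The response length is derived from the validated claim, and the copy never touches bytes past rec_len, so whether the surrounding heap memory was freshly allocated or reused from an earlier heartbeat no longer matters: the record's own length bounds every read.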