Since BearSSL has to be small, Pornin has decided to ignore malloc() and dynamic allocation entirely:
Well, I suppose that's one reason. The other would be that a large number of well-known vulns are down to developer fuckups with dynamic memory handling.