Technically yes (although, by default, no), but it's more efficient than that would imply. By default, I think only small chunks are overwritten, so OpenSSL's meagre 64 KB of Heartbleed payload would have been filled with useless junk, whereas multi-megabyte mallocs() in e.g. a RDBMS would have been unaffected.
There are some other protection mechanism included, too; there's a more in-depth presentation here:
There are some other protection mechanism included, too; there's a more in-depth presentation here:
http://www.openbsd.org/papers/eurobsdcon2009/otto-malloc.pdf