GenericTaintChecker - taint status examination

Here inBuf (example_good.c - Pastebin.com) is the local buf wich was successfuly tainted.
So passing derived globInBuf to someFoo (which has system call) leads to emit Bug Report by GenericTaintChecker.
It’s all good (for example_good.c). But when example_bad.c (example_bad.c - Pastebin.com) is passed to GenericTaintChecker there is no any Bug Reports.
As far as I understand it is necessary to examine all regions from wich some symbol passed to taint sink can be derived.
So what is the best thing to do?

Also, why was globInBuf derived from symbols conjured at statements S33699, S33668 in example_good.c and from data readed by fread in example_bad.c before corresponding statements?